third party libraries known CVE issues

Delft-FEWS uses third party libraries and analyses these libraries using the OWASP dependency check tool. See: https://owasp.org/www-project-dependency-check/

This page keeps track of known CVE issues in libraries that are distributed with Delft-FEWS and the upgrade strategy of these libraries.

Only CVE issues of severity Critical and High are reported here.

CVE

file

description

JIRA

upgrade strategy

CVE-2021-33813

jdom.jar

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

FEWS-25546 - Getting issue details... STATUS

phase out xfire. This is used in:

embedded PI service. Has been deprecated and will be replaced with a new implemenation. https://issuetracker.deltares.nl/browse/FEWS-22053
Alarm module. Master controller calls Alarm Module soap service to sent events. This should be replaced by a new implementation: https://issuetracker.deltares.nl/browse/FEWS-25861

CVE-2021-33813

jdom-2.02.jar

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

FEWS-25545 - Getting issue details... STATUS

Page tree