Bug #24606

closed

Upgrade postgresql since CVE-2024-1597 and ignore other JS CVEs

Added by Clark ANDRIANASOLO about 1 month ago. Updated about 1 month ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity: Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Effort required: Very Small
Priority: 0
Name check: To do
Fix check: To do
Regression: No

Description

When running dependency checks:

[2024-03-27T16:17:11.576Z] icu4j-23.1.1.jar (pkg:maven/org.graalvm.shadowed/icu4j@23.1.1, cpe:2.3:a:icu-project:international_components_for_unicode:23.1.1:*:*:*:*:*:*:*, cpe:2.3:a:unicode:international_components_for_unicode:23.1.1:*:*:*:*:*:*:*, cpe:2.3:a:unicode:unicode:23.1.1:*:*:*:*:*:*:*) : CVE-2017-15396, CVE-2017-15422, CVE-2020-21913

[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: ext-core-debug.js (pkg:javascript/ExtJS@3.1.0) : CVE-2010-4207, CVE-2012-5881

[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: jquery-1.3.2.js (pkg:javascript/jquery@1.3.2) : jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates

[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: jquery-1.4.4.js (pkg:javascript/jquery@1.4.4) : jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates

[2024-03-27T16:17:11.577Z] postgresql-42.7.0.jar (pkg:maven/org.postgresql/postgresql@42.7.0, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.0:*:*:*:*:*:*:*) : CVE-2024-1597

The only potential issue is the one with postgresql, which could be unsafe if the PreferQueryMode JDBC option is changed.

We should upgrade to avoid being reported and risking this vulnerability.
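The triage described above, as an added example (not Rudder project code, and not part of the original issue): parse the dependency-check finding lines quoted in the description, keep only the finding whose CVE the issue judged real (CVE-2024-1597), render a dependency-check suppression file for the rest so they stop being reported, and check a JDBC URL or Properties map for preferQueryMode=simple, the only query mode under which CVE-2024-1597 is exploitable (the driver default is extended). The sample input is the five lines from the issue with timestamps stripped; ACTIONABLE, parse_findings, triage, suppression_xml and uses_simple_query_mode are names introduced here. The suppression file format follows the dependency-check schema, assumed to be the 1.3 XSD.

```python
"""Added example: triage dependency-check console findings and guard the JDBC
configuration. Not code from the Rudder project or from the issue author."""
import re
from urllib.parse import parse_qs, urlsplit
from xml.sax.saxutils import escape

# Constructed sample input: the five findings quoted in the issue, timestamps removed.
SAMPLE_FINDINGS = """\
icu4j-23.1.1.jar (pkg:maven/org.graalvm.shadowed/icu4j@23.1.1, cpe:2.3:a:icu-project:international_components_for_unicode:23.1.1:*:*:*:*:*:*:*, cpe:2.3:a:unicode:international_components_for_unicode:23.1.1:*:*:*:*:*:*:*, cpe:2.3:a:unicode:unicode:23.1.1:*:*:*:*:*:*:*) : CVE-2017-15396, CVE-2017-15422, CVE-2020-21913
lift-webkit_2.13-3.5.0.jar: ext-core-debug.js (pkg:javascript/ExtJS@3.1.0) : CVE-2010-4207, CVE-2012-5881
lift-webkit_2.13-3.5.0.jar: jquery-1.3.2.js (pkg:javascript/jquery@1.3.2) : jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
lift-webkit_2.13-3.5.0.jar: jquery-1.4.4.js (pkg:javascript/jquery@1.4.4) : jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
postgresql-42.7.0.jar (pkg:maven/org.postgresql/postgresql@42.7.0, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.0:*:*:*:*:*:*:*) : CVE-2024-1597
"""

# The issue's own judgement: only the JDBC driver finding is a real risk (assumed policy).
ACTIONABLE = {"CVE-2024-1597"}

# "<file> (<purl>, <cpe>, ...) : <vuln>, <vuln>" -- the file part may itself contain ": "
FINDING_RE = re.compile(r"^(?P<file>.+?) \((?P<ids>.+?)\) : (?P<vulns>.+)$")


def parse_findings(text):
    """Return one dict per finding line: file, package URL, and vulnerability ids/names."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue  # not a finding line (timestamps, summary text, ...)
        purl = next(i for i in m["ids"].split(", ") if i.startswith("pkg:"))
        findings.append({"file": m["file"], "purl": purl,
                         "vulns": [v.strip() for v in m["vulns"].split(", ")]})
    return findings


def triage(findings, actionable=ACTIONABLE):
    """Split findings into (needs upgrade, to suppress) based on the actionable CVE set."""
    upgrade, suppress = [], []
    for f in findings:
        (upgrade if actionable & set(f["vulns"]) else suppress).append(f)
    return upgrade, suppress


def suppression_xml(findings, notes):
    """Render dependency-check suppression entries pinned to the exact package URL,
    so the suppression is re-evaluated as soon as the bundled version changes.
    CVE ids go in <cve>, free-text findings (like the jQuery EOL notice) in <vulnerabilityName>."""
    entries = []
    for f in findings:
        rules = "\n".join(
            f"    <cve>{escape(v)}</cve>" if v.startswith("CVE-")
            else f"    <vulnerabilityName>{escape(v)}</vulnerabilityName>"
            for v in f["vulns"])
        entries.append(
            "  <suppress>\n"
            f"    <notes>{escape(notes)}</notes>\n"
            f"    <packageUrl regex=\"true\">^{re.escape(f['purl'])}$</packageUrl>\n"
            f"{rules}\n  </suppress>")
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/'
            'dependency-suppression.1.3.xsd">\n' + "\n".join(entries) + "\n</suppressions>\n")


def uses_simple_query_mode(jdbc_url, properties=None):
    """True if preferQueryMode=simple is set in the JDBC URL query string or in the
    Properties passed to the driver. Conservatively flags either location rather than
    deciding which one wins; the driver default (extended) is not affected by CVE-2024-1597."""
    values = [v for k, v in (properties or {}).items() if k == "preferQueryMode"]
    url = jdbc_url[len("jdbc:"):] if jdbc_url.startswith("jdbc:") else jdbc_url
    values += parse_qs(urlsplit(url).query).get("preferQueryMode", [])
    return any(v.strip().lower() == "simple" for v in values)


if __name__ == "__main__":
    upgrade, suppress = triage(parse_findings(SAMPLE_FINDINGS))
    for f in upgrade:
        print("UPGRADE :", f["purl"], ", ".join(f["vulns"]))
    print(suppression_xml(suppress, "Bundled JS / unrelated CPE match, see issue #24606"))
    print("simple mode:", uses_simple_query_mode("jdbc:postgresql://db:5432/rudder?preferQueryMode=simple"))
```

Running the script lists the postgresql driver as the only upgrade and prints a suppression file covering the four other findings; the preferQueryMode check is meant to be dropped into a configuration lint so that the query mode cannot be switched to simple before the driver is upgraded.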
