Project

General

Profile

Actions

Bug #24606

closed

Upgrade postgresql since CVE-2024-1597 and ignore other JS CVEs

Added by Clark ANDRIANASOLO 8 months ago. Updated 8 months ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

When running dependency checks :


[2024-03-27T16:17:11.576Z] icu4j-23.1.1.jar (pkg:maven/org.graalvm.shadowed/icu4j@23.1.1, cpe:2.3:a:icu-project:international_components_for_unicode:23.1.1:*:*:*:*:*:*:*, cpe:2.3:a:unicode:international_components_for_unicode:23.1.1:*:*:*:*:*:*:*, cpe:2.3:a:unicode:unicode:23.1.1:*:*:*:*:*:*:*) : CVE-2017-15396, CVE-2017-15422, CVE-2020-21913

[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: ext-core-debug.js (pkg:javascript/ExtJS@3.1.0) : CVE-2010-4207, CVE-2012-5881

[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: jquery-1.3.2.js (pkg:javascript/jquery@1.3.2) : jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates

[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: jquery-1.4.4.js (pkg:javascript/jquery@1.4.4) : jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates

[2024-03-27T16:17:11.577Z] postgresql-42.7.0.jar (pkg:maven/org.postgresql/postgresql@42.7.0, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.0:*:*:*:*:*:*:*) : CVE-2024-1597

The only potential issue is the one with postgresql which could be unsafe if the PreferQueryMode JDBC option is changed.

We should upgrade to avoid being reported and risking this vulnerability.

Actions

Also available in: Atom PDF