CVE-2022-22970 and CVE-2022-22971 on JIRA spring-core-5.3.10.jar

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Duplicate
    • None
    • Component/s: Security
    • None
    • 33

      Problem:

      Jira is working with the version of the spring framework spring-core-5.0.10. This spring framework is vulnerable to CVE-2022-22970 and CVE-2022-22971

      Suggested Solution

      The remediation  for these CVE's are update the spring framework library. The recommendation is updating to the version 5.3.21.

      Why This Is Important

      Security team and scanners raised concerns 

      Workaround

      None available 

            Assignee:
            Unassigned
            Reporter:
            Roman Ventura (Inactive)
            Votes:
            19 Vote for this issue
            Watchers:
            18 Start watching this issue

              Created:
              Updated:
              Resolved: