Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-21486

CVE-2022-22970 and CVE-2022-22971 on JIRA spring-core-5.3.10.jar

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Duplicate
    • None
    • Security
    • None
    • 33
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem:

      Jira is working with the version of the spring framework spring-core-5.0.10. This spring framework is vulnerable to CVE-2022-22970 and CVE-2022-22971

      Suggested Solution

      The remediation  for these CVE's are update the spring framework library. The recommendation is updating to the version 5.3.21.

      Why This Is Important

      Security team and scanners raised concerns 

      Workaround

      None available 

              Unassigned Unassigned
              2ff873c3be7d Roman Ventura (Inactive)
              Votes:
              19 Vote for this issue
              Watchers:
              18 Start watching this issue

                Created:
                Updated:
                Resolved: