Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

CVE-2024-29131 commons-configuration2 - Analysis of vulnerability

Description

Severity: moderate

Package Name: org.apache.commons_commons-configuration2

Current version 2.9.0 // fixed in 2.10.1

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-29131

Modules impacted:

mod-kb-ebsco-java

Spitfire

fixed on HEAD of master branch: https://github.com/folio-org/mod-kb-ebsco-java/pull/501

Checklist

hide

Activity

Show:

Julian Ladisch May 5, 2024 at 4:16 PM

mod-kb-ebsco-java doesn’t use the commons-configuration2 dependency, not in Poppy, not in Quesnelia, not in HEAD of master branch.

Therefore it’s not affected and this issue can be closed.

Unresolved

Details

Assignee

Reporter

Priority

RCA Group

TBD

Labels

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created April 9, 2024 at 4:52 PM
Updated May 23, 2024 at 3:42 PM
TestRail: Cases
TestRail: Runs