Delft-FEWS uses third-party libraries and analyses them with the OWASP Dependency-Check tool. See: https://owasp.org/www-project-dependency-check/
This page keeps track of known CVE issues in libraries that are distributed with Delft-FEWS and the upgrade strategy of these libraries.
Only CVE issues of severity Critical and High are reported here.
CVE | file | description | JIRA | upgrade strategy |
---|---|---|---|---|
CVE-2021-33813 | jdom.jar | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | FEWS-25546 | phase out xfire. This is used in: |
CVE-2021-33813 | jdom-2.02.jar | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | FEWS-25545 | |