Details
-
Type:
Task
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: EE-4.3.0.GA_P04, EE-3.3.0.GA_P10
-
Fix Version/s: EE-4.3.0.GA_P05, EE-3.3.0.GA_P11
-
Component/s: ACE-Components
-
Labels:None
-
Environment:Any
-
Support Case References:Support Case 14724
Description
A new vulnerability in Apache Commons FileUpload (CVE-2023-24998) was brought to our attention by a supported customer. We don't use the Apache Commons FileUpload library in a regular way, but rather we integrated its source code into our own in 2010, as per ICE-5912, with some necessary adjustments to support our ace:fileEntry component. This JIRA is for investigating how this vulnerability could affect our ace:fileEntry component and for making necessary changes to mitigate this vulnerability.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion
| Field | Original Value | New Value |
|---|---|---|
| Assignee | Arturo Zambrano [ artzambrano ] |
| Fix Version/s | EE-4.3.0.GA_P05 [ 14073 ] | |
| Fix Version/s | EE-3.3.0.GA_P11 [ 14074 ] |
| Support Case References | Support Case 14724 |
| Status | Open [ 1 ] | Resolved [ 5 ] |
| Resolution | Fixed [ 1 ] |