jest-common >= 0.1.6 not vulnerable to CVE-2015-1427


Mauro Baluda

Jul 26, 2016, 7:18:27 AM
to dependen...@googlegroups.com
Hello,

The OWASP dependency scanner reports the CVE-2015-1427 vulnerability
for jest-common-0.1.7.jar.
This is due to a dependency on elasticsearch.
However, starting from 0.1.6, jest-common depends on
elasticsearch >=1.4.3 and is therefore not vulnerable:

https://github.com/searchbox-io/Jest/wiki/Changelog
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1427


Mauro Baluda
--
Free man, you will always cherish the sea!
- Charles Baudelaire
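
An added example, not part of the original post and not Dependency-Check code: one way to confirm a claim like the one above is to check the Elasticsearch version that actually resolves in the build against the fixed releases. The `mvn dependency:tree` output below is constructed, its coordinates and versions are illustrative, and the 1.3.8 threshold comes from the CVE description rather than the post.

```python
import re

# Fixed releases for CVE-2015-1427. 1.4.3 is the version named in the post;
# 1.3.8 (the 1.3.x fix) is taken from the CVE description, not from the post.
FIXED_1_3 = (1, 3, 8)
FIXED_1_4 = (1, 4, 3)
TARGET = ("org.elasticsearch", "elasticsearch")

# Constructed `mvn dependency:tree` output; coordinates and versions are illustrative.
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0.0
[INFO] +- io.searchbox:jest-common:jar:0.1.7:compile
[INFO] |  \- org.elasticsearch:elasticsearch:jar:1.4.3:compile
[INFO] \- junit:junit:jar:4.12:test
"""

def parse_coord(line):
    """Return (group, artifact, version) from one tree line, or None."""
    token = next((t for t in line.split() if t.count(":") >= 4), None)
    if token is None:
        return None
    parts = token.split(":")
    # group:artifact:type:version:scope, or with a classifier before version
    version = parts[3] if len(parts) == 5 else parts[4]
    return parts[0], parts[1], version

def version_tuple(version):
    """Numeric major.minor.patch; qualifiers such as -SNAPSHOT are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version):
    """True if the version is before the fix on its release line."""
    v = version_tuple(version)
    return v < FIXED_1_3 if v < (1, 4, 0) else v < FIXED_1_4

def triage(tree_text):
    """List (version, affected) for every resolved Elasticsearch artifact."""
    findings = []
    for line in tree_text.splitlines():
        coord = parse_coord(line)
        if coord and coord[:2] == TARGET:
            findings.append((coord[2], is_affected(coord[2])))
    return findings

if __name__ == "__main__":
    for version, affected in triage(SAMPLE_TREE):
        print(f"elasticsearch {version}: {'AFFECTED' if affected else 'not affected'}")
```

A finding whose resolved version comes back as not affected is a candidate false positive to report, with the tree output attached as evidence.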

Jeremy Long

Jul 27, 2016, 6:16:26 AM
to Mauro Baluda, dependen...@googlegroups.com
Please report false positives as a GitHub issue here: https://github.com/jeremylong/DependencyCheck/issues/new

Thanks!

Jeremy
