sunSUNQ
I apologize, there was an issue with the submission, and only 76e0e69e91b85dd72f8fac53d547dcdc4ff1d90c is relevant to the current vulnerability.
CVE-2018-1000861 is mentioned in the official advisory as related to SECURITY-595. In https://github.com/advisories/GHSA-hhpm-5cp2-hg4x, only https://github.com/jenkinsci/jenkins/commit/47f38d714c99e1841fb737ad1005618eb26ed852 is provided. However, I believe the following five commits are also relevant. https://github.com/jenkinsci/jenkins/commit/90b6d47af7ff0ae33f4ff816a0d9ca36223769b0 https://github.com/jenkinsci/jenkins/commit/db5defdf2f3c8efa4c8fb5a04502ebbccec96504 https://github.com/jenkinsci/jenkins/commit/3353e66082cd275b7bf55da7b2423d6ca11a1e2d...
Hello, I'm looking forward to your response.
Hello, I have added two patches for this vulnerability. In the official advisory at https://spring.io/security/cve-2018-1270, it is mentioned that the vulnerability affects the spring-messaging module. The affected versions range from...
Hello, I'm looking forward to your response.
Sure, I have submitted four patch links that are related to the current vulnerability. https://github.com/apache/tomcat/commit/493ba610a8973efec6e5ca5c02d8cc9c323d4d5f https://github.com/apache/tomcat/commit/c8a9a43183e061f09eb5cf7cd5443cecd8699462 https://github.com/apache/tomcat/commit/1930114c4122f2b6f45d6b92e7790288b17e2ad2 https://github.com/apache/tomcat/commit/fce861ba7f6ed5e11f839759f1c855370c43b8d3
Hello, I'm looking forward to your response.
The current vulnerability CVE-2018-15756 is related to https://github.com/spring-projects/spring-framework/issues/21851. Both the vulnerability descriptions and the handling of the "Range" header field are associated with SPR-17318. This is also related to https://github.com/spring-projects/spring-framework/commit/423aa28ed584b4ff6e5bad218c09beef5e91951e.
https://jira.spring.io/browse/SPR-17318?redirect=false used to show that SPR-17318 is related to CVE-2018-15756, but it can no longer be found. For this case, in https://spring.io/security/cve-2018-15756, the range is Spring Framework 5.0.0 to 5.0.9...
Hello, I'm looking forward to your response.