Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block 2 more gadget types (newrelic-agent, CVE-2020-36188/CVE-2020-36189) #2996

Closed
cowtowncoder opened this issue Dec 23, 2020 · 1 comment
Closed

Block 2 more gadget types (newrelic-agent, CVE-2020-36188/CVE-2020-36189) #2996

cowtowncoder opened this issue Dec 23, 2020 · 1 comment
Labels
CVE Issues related to public CVEs (security vuln reports)
Milestone
2.9.10.8

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Dec 23, 2020
edited

Another gadget type(s) reported regarding class(es) of com.newrelic.agent.java:newrelic-agent library (version 3.x).
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): Al1ex@knownsec
Mitre id(s):

Note: derivative of #2334 and #2389 (embedded logback-core)

Fix will be included in:
@cowtowncoder cowtowncoder added to-evaluate Issue that has been received but not yet evaluated CVE Issues related to public CVEs (security vuln reports) and removed to-evaluate Issue that has been received but not yet evaluated labels Dec 23, 2020
@cowtowncoder cowtowncoder added this to the 2.9.10.8 milestone Dec 26, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (placeholder) Block 2 more gadget types (newrelic-agent) Dec 26, 2020
@abergmann
Copy link

The following CVEs have been assigned to this issue:

@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (newrelic-agent) Block 2 more gadget types (newrelic-agent, CVE-2020-36188/CVE-2020-36189) Jan 7, 2021
This was referenced Jan 9, 2021
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Jun 6, 2022
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced Aug 1, 2022
Open
Open
This was referenced Sep 20, 2022
Open
Open
@cxronen cxronen mentioned this issue Nov 28, 2022
Open
This was referenced Dec 25, 2022
Open
Open
@cxronen cxronen mentioned this issue Dec 20, 2022
Open
This was referenced Jan 26, 2023
Open
Open
This was referenced Nov 22, 2022
Open
Open
This was referenced Feb 21, 2023
Open
Open
Open
This was referenced Feb 15, 2023
Open
Open
Closed
This was referenced Apr 28, 2023
Open
Open
This was referenced May 25, 2023
Open
Open
This was referenced May 25, 2023
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CVE Issues related to public CVEs (security vuln reports)
Projects
None yet
Milestone
2.9.10.8
Development

No branches or pull requests
2 participants
@cowtowncoder @abergmann