JFlex depends on unsafe ant@1.7.0 #294

regisd · 2018-08-30T09:28:55Z

There is a dependency de.jflex:jflex@1.6.1 → org.apache.ant:ant@1.7.0
ant@1.7.0 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEANT-30510

Fix issue jflex-de#294

* Update ant to 1.7.0 → 1.10.5 Fix Security vulenrability (DoS) #294

regisd added the security label Aug 30, 2018

regisd self-assigned this Aug 30, 2018

regisd added a commit to regisd/jflex that referenced this issue Aug 30, 2018

Update ant to 1.7.0 -> 1.10.5

e533eca

Fix issue jflex-de#294

regisd added this to the 1.7.0 milestone Aug 30, 2018

regisd mentioned this issue Aug 30, 2018

Update ant to 1.7.0 -> 1.9.7 #295

Merged

regisd closed this Sep 3, 2018

regisd added this to Open bugs in JFlex core via automation Sep 30, 2018

regisd added this to To do in ant task via automation Sep 30, 2018

regisd moved this from To do to Done in ant task Sep 30, 2018

jflex-de / jflex

JFlex depends on unsafe ant@1.7.0 #294

JFlex depends on unsafe ant@1.7.0 #294

regisd commented Aug 30, 2018

jflex-de / jflex

Join GitHub today

GitHub is where the world builds software

JFlex depends on unsafe ant@1.7.0 #294

JFlex depends on unsafe ant@1.7.0 #294

Comments

regisd commented Aug 30, 2018

Essential cookies

Always active

Analytics cookies