JFlex depends on unsafe ant@1.7.0 #294

regisd · 2018-08-30T09:28:55Z

There is a dependency de.jflex:jflex@1.6.1 → org.apache.ant:ant@1.7.0
ant@1.7.0 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEANT-30510

Fix issue jflex-de#294

* Update ant to 1.7.0 → 1.10.5 Fix Security vulenrability (DoS) #294

regisd added the security Security vulnerabilities label Aug 30, 2018

regisd self-assigned this Aug 30, 2018

regisd added a commit to regisd/jflex that referenced this issue Aug 30, 2018

Update ant to 1.7.0 -> 1.10.5

e533eca

Fix issue jflex-de#294

regisd added this to the 1.7.0 milestone Aug 30, 2018

regisd mentioned this issue Aug 30, 2018

Update ant to 1.7.0 -> 1.9.7 #295

Merged

regisd added a commit that referenced this issue Aug 31, 2018

Update ant to 1.7.0 → 1.9.7 (#295)

0a7d966

* Update ant to 1.7.0 → 1.10.5 Fix Security vulenrability (DoS) #294

regisd closed this as completed Sep 3, 2018

regisd added this to Open bugs in JFlex core via automation Sep 30, 2018

regisd added this to To do in ant task via automation Sep 30, 2018

regisd moved this from To do to Done in ant task Sep 30, 2018

lsf37 moved this from Open bugs to Done in JFlex core Nov 10, 2022

JFlex depends on unsafe ant@1.7.0 #294

JFlex depends on unsafe ant@1.7.0 #294

Comments

regisd commented Aug 30, 2018