How to fix CVE-2019-8457 vulnerability in Spring Boot

Time:06-23

How do I fix the CVE-2019-8457 vulnerability in a Spring Boot application, since none of my known dependencies includes SQLite3? (Spring Boot 2.6.6, jdk18-slim Docker image)

CVE-2019-8457
db5.3:5.3.28 dfsg1-0.8
HIGH

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

CodePudding user response:

Use the Alpine version of the container images, which mostly do not have high and critical vulnerabilities.

CodePudding user response:

Please inspect the dependency tree of your project to check whether there is a transitive dependency on sqlite3. You may not be using sqlite3 directly in your project dependencies, but there is a chance that some other library has declared it as a dependency.

For Maven:

mvn dependency:tree

For Gradle:

gradle dependencies

Once you find it, use an exclusion to exclude the older version of sqlite3 and explicitly declare a dependency on the fixed version of sqlite3.
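The answer above checks the Java dependency tree; the scanner line in the question, however, carries a version string in Debian package form (5.3.28 dfsg1-0.8), so the finding may sit in the image's OS layer rather than in a Maven or Gradle artifact. The script below is an added example, not code from the original post or from either answerer: it filters a dependency-tree dump and an OS package list for anything a scanner would tie to SQLite, so you can see which layer actually carries the finding before writing an exclusion. Both sample reports are constructed for this example; the coordinate com.example:acme-storage, its version, and the package versions shown are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Two filters, each reading a
# report on stdin:
#   find_sqlite_deps  - scans `mvn dependency:tree` or `gradle dependencies`
#                       output for artifacts whose coordinate mentions sqlite
#   find_sqlite_pkgs  - scans an OS package list ("name version" per line) for
#                       the packages a scanner maps to CVE-2019-8457 (sqlite3,
#                       db5.3); the (lib)? prefix handling is an assumption
#                       made for Debian-style package names

find_sqlite_deps() {
    # Maven lines look like "[INFO] |  +- group:artifact:jar:1.0:compile",
    # Gradle lines like "+--- group:artifact:1.0 (*)". Keep only the
    # coordinate: drop the tree-drawing prefix and anything after a space.
    grep -i 'sqlite' | sed -E -e 's/^.*[+\\]-+ //' -e 's/ .*$//'
}

find_sqlite_pkgs() {
    # Real input would come from, for example:
    #   docker run --rm IMAGE dpkg-query -W -f='${Package} ${Version}\n'
    # grep exits non-zero when nothing matches, which is a useful signal.
    grep -iE '^(lib)?(sqlite3|db5\.3)'
}

# Constructed sample of a Maven dependency tree (hypothetical coordinates).
SAMPLE_TREE='[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.6.6:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.6.6:compile
[INFO] \- com.example:acme-storage:jar:1.4.0:compile
[INFO]    \- org.xerial:sqlite-jdbc:jar:3.8.11.2:compile'

# Constructed sample of a Debian-style installed package list.
SAMPLE_PKGS='adduser 3.118
db5.3-util 5.3.28+dfsg1-0.8
libc6 2.31-13+deb11u3
libdb5.3 5.3.28+dfsg1-0.8
libsqlite3-0 3.34.1-3'

echo "Java dependencies mentioning sqlite:"
printf '%s\n' "$SAMPLE_TREE" | find_sqlite_deps
echo "OS packages a scanner would map to CVE-2019-8457:"
printf '%s\n' "$SAMPLE_PKGS" | find_sqlite_pkgs
```

If only the second filter produces output, a Maven or Gradle exclusion will not change the scan result; the finding belongs to the base image and is addressed by updating or swapping the image, as the first answer suggests.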
