Bug 13526

Summary: [CVE 21] groovy 2.4.8 CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED WONTFIX
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: e.kosachev, s.matveev, v.potapov, y.tumanov
Version: All
Flags: y.tumanov: secteam_verified?
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2020-17521,
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-08-24 00:19:41 MSK
Please patch CVEs for package groovy version 2.4.8
  
INFO (CVEs are): groovy 2.4.8
 cves found
CVE-2020-17521
Desc: Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-17521
Severity: MEDIUM

Comment 1 Vladimir Potapov 2023-10-20 13:08:07 MSK
*** Bug 13851 has been marked as a duplicate of this bug. ***

Comment 2 Vladimir Potapov 2023-10-20 13:08:21 MSK
*** Bug 13719 has been marked as a duplicate of this bug. ***

Comment 3 Vladimir Potapov 2024-01-17 17:43:44 MSK
minor issue https://security-tracker.debian.org/tracker/CVE-2020-17521