CVE-2022-33980 in EMA

Question

question

daniel.lipofsky

3 ●4 ●5 ●10

CVE-2022-33980 in EMA

It looks like com.refinitiv.ema:ema:3.6.6.0 uses org.apache.commons:commons-configuration2:2.7 which suffers from CVE-2022-33980. I believe the fix is easy, just upgrade to 2.8.0

ema-api java

Jul 13, 2022 at 11:23 PM

10 |1500

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jirapongse Jul 22, 2022 at 06:07 AM

@daniel.lipofsky

Hi,

Thank you for your participation in the forum.

Is the reply below satisfactory in answering your question?

If yes please click the 'Accept' text next to the reply. This will guide all community members who have a similar question.

Otherwise please post again offering further insight into your question.

Thanks,

AHS

Answer 1 · 2022-07-14T04:42:52Z

wasin.w

24.7k ●54 ●17 ●14

Hello @daniel.lipofsky

Thank you for the information, I have submitted the GitHub issue-201 on your behalf on the Real-Time SDK GitHub repository.

If you have more information, please feel free to contact the RTSDK team directly via the issue-201.

Jul 14, 2022 at 04:42 AM

10 |1500

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Q&A Forum

question

CVE-2022-33980 in EMA

1 Answer

Write an Answer

question

CVE-2022-33980 in EMA

1 Answer

Write an Answer

Related Questions