Vulnerabilities in MAT 1.13 [message #1855579]
Fri, 21 October 2022 08:07
Eclipse User
I am using MAT 1.13 in my code and I see that multiple vulnerabilities have been identified.
These are flagged because of the Eclipse jars inside my MAT jar.
The list is:
CVE-2021-41033
CVE-2022-41852
CVE-2017-7657
CVE-2017-7658
CVE-2009-5045
CVE-2017-7656
CVE-2017-9735
CVE-2022-2048
CVE-2020-27216
CVE-2022-2191
CVE-2020-27225
Is there a fix for these, provided in a new build? Is this being looked into?
Is there any other solution I can try?
Thanks.

Re: Vulnerabilities in MAT 1.13 [message #1855637 is a reply to message #1855579]
Tue, 25 October 2022 06:19
Eclipse User
See Bug 580541 which covers all those CVEs except CVE-2022-41852.
Most are false positives: the CVE quotes the Eclipse platform version, but the CVE checking tool looks at the jar version, and the two do not correspond.
I have added CVE-2022-41852 for further consideration.
If you find a more recent Eclipse IDE which passes your security scan then you could install Memory Analyzer into it, rather than use standalone MAT.
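The reply above describes why a scanner reports false positives here: the advisory is written against the Eclipse platform version, while the scanner compares the version string read from an individual bundle jar. The following example is added for illustration and is not code from this thread, from MAT, or from any particular scanning tool; the advisory records, their IDs (`CVE-XXXX-...` placeholders) and fixed-in versions are constructed, and the jars are built in memory. It contrasts version-only matching, which produces the false-positive pattern described above, with matching that first checks the bundle's symbolic name against the product the advisory is actually about.

```python
import io
import zipfile

# Constructed advisory records (hypothetical: the IDs and version ranges are
# placeholders, not real CVE data). 'product' is what the advisory describes;
# 'fixed_in' is the first version that contains the fix.
ADVISORIES = [
    {"id": "CVE-XXXX-PLATFORM", "product": "org.eclipse.platform", "fixed_in": (4, 22, 0)},
    {"id": "CVE-XXXX-JETTY", "product": "org.eclipse.jetty.server", "fixed_in": (9, 4, 50)},
]


def parse_version(text):
    """Turn an OSGi Bundle-Version such as '3.24.0.v20210910' into a comparable
    (major, minor, micro) tuple; the qualifier segment is ignored."""
    nums = []
    for part in text.split(".")[:3]:
        if not part.isdigit():
            break
        nums.append(int(part))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def read_bundle_manifest(jar_bytes):
    """Return (Bundle-SymbolicName, Bundle-Version) from META-INF/MANIFEST.MF."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    headers = {}
    for line in raw.splitlines():
        # Continuation lines start with a space; this minimal parser skips them.
        if ":" in line and not line.startswith(" "):
            key, value = line.split(":", 1)
            headers[key.strip()] = value.strip()
    # Drop directives such as ';singleton:=true' from the symbolic name.
    name = headers.get("Bundle-SymbolicName", "").split(";")[0].strip()
    return name, headers.get("Bundle-Version", "0.0.0")


def make_jar(symbolic_name, version):
    """Build a minimal constructed jar in memory containing only a manifest."""
    manifest = (
        "Manifest-Version: 1.0\n"
        f"Bundle-SymbolicName: {symbolic_name};singleton:=true\n"
        f"Bundle-Version: {version}\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()


def naive_findings(jar_bytes):
    """Version-only matching: flag every advisory whose fixed-in version is above
    the jar's version, regardless of which product the advisory is about.
    This is the false-positive pattern: a 3.x bundle jar looks 'older' than a
    4.x platform fix even though the two version lines are unrelated."""
    _, version = read_bundle_manifest(jar_bytes)
    v = parse_version(version)
    return [a["id"] for a in ADVISORIES if v < a["fixed_in"]]


def product_aware_findings(jar_bytes):
    """Match on product identity first, then compare versions."""
    name, version = read_bundle_manifest(jar_bytes)
    v = parse_version(version)
    return [a["id"] for a in ADVISORIES if a["product"] == name and v < a["fixed_in"]]


if __name__ == "__main__":
    runtime_jar = make_jar("org.eclipse.core.runtime", "3.24.0.v20210910")
    jetty_jar = make_jar("org.eclipse.jetty.server", "9.4.40.v20210413")
    for label, jar in (("core.runtime", runtime_jar), ("jetty.server", jetty_jar)):
        print(label, "naive:", naive_findings(jar), "product-aware:", product_aware_findings(jar))
```

For the constructed platform bundle the naive check reports both placeholder advisories, while the product-aware check reports none; for the constructed Jetty bundle both checks agree, because there the advisory really does describe that bundle. When triaging scanner output, the question to ask of each finding is therefore whether the affected product named in the advisory is the same component whose version the scanner read.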

Re: Vulnerabilities in MAT 1.13 [message #1856632 is a reply to message #1855637]
Tue, 20 December 2022 03:46
Eclipse User
Thanks Andrew.
Can you please validate the information regarding the CVEs mentioned below?
CVE-2021-41033 - Being looked into by MAT team
CVE-2022-41852 - Being looked into by MAT team
CVE-2017-7657 - False Positive
CVE-2017-7658 - False Positive
CVE-2009-5045 - False Positive
CVE-2017-7656 - False Positive
CVE-2017-9735 - False Positive
CVE-2022-2048 - Being looked into by MAT team
CVE-2020-27216 - False Positive
CVE-2022-2191 - Being looked into by MAT team
CVE-2020-27225 - False Positive
Is there any other workaround?