This repository has been archived by the owner on Jan 21, 2024. It is now read-only.

Mule 4.3x Release v2.1.0

@sup-mule sup-mule released this 17 Nov 18:45
c99116b

Release V2.1.0

Minimum Mule version: 4.3

JSON Logger 2.0.1 Vulnerabilities Fixed in this Release

Critical Severity

  • ✗ XML External Entity (XXE) Injection [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754] in com.fasterxml.woodstox:[email protected]
    introduced by org.mule.services:mule-service-weave:[email protected] > org.mule.weave:[email protected] > org.mule.weave:[email protected] > com.fasterxml.woodstox:[email protected]
    This issue was fixed in versions: 5.3.0
  • ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMULERUNTIME-1089453] in org.mule.runtime:[email protected]
    introduced by org.mule.runtime:[email protected]
    This issue was fixed in versions: 4.3.0
  • ✗ XML External Entity (XXE) Injection [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMULERUNTIME-1089455] in org.mule.runtime:[email protected]
    introduced by org.mule.runtime:[email protected]
    This issue was fixed in versions: 4.3.0
  • ✗ Remote Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751] in org.springframework:[email protected]
    introduced by org.mule.connectors:mule-jms-connector:[email protected] > org.mule.connectors:[email protected] > org.springframework:[email protected] > org.springframework:[email protected]
    This issue was fixed in versions: 5.2.20, 5.3.18

High Severity

  • ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:[email protected]
    introduced by org.mule.runtime:[email protected] > org.yaml:[email protected]
    This issue was fixed in versions: 1.31
  • ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:[email protected]
    introduced by com.fasterxml.jackson.core:[email protected]
  • ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:[email protected]
    introduced by com.fasterxml.jackson.core:[email protected]
  • ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1078499] in net.minidev:[email protected]
    introduced by com.jayway.jsonpath:[email protected] > net.minidev:[email protected]
  • ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-DOM4J-174153] in dom4j:[email protected]
    introduced by org.mule.runtime:[email protected] > dom4j:[email protected]
    No upgrade or patch available
  • ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20160810
    introduced by org.mule.runtime:[email protected] > org.everit.json:[email protected] > org.json:json@20160810
    This issue was fixed in versions: 20180130
  • ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-DOM4J-2812975] in dom4j:[email protected]
    introduced by org.mule.runtime:[email protected] > dom4j:[email protected]
    No upgrade or patch available
  • ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLBEANS-1060048] in org.apache.xmlbeans:[email protected]
    introduced by org.mule.runtime:[email protected] > org.apache.xmlbeans:[email protected]
    This issue was fixed in versions: 3.0.0

Medium Severity

  • ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:[email protected]
    introduced by com.fasterxml.jackson.core:[email protected]
  • ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:[email protected]
    introduced by com.fasterxml.jackson.core:[email protected]
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:[email protected]
    introduced by com.fasterxml.jackson.core:[email protected]
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1298655] in net.minidev:[email protected]
    introduced by com.jayway.jsonpath:[email protected] > net.minidev:[email protected]
  • ✗ Deserialization of Untrusted Data [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327] in com.google.code.gson:[email protected]
    introduced by com.mulesoft.muleesb.modules:[email protected] > com.google.code.gson:[email protected]
    This issue was fixed in versions: 2.8.9
  • ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:[email protected]
    introduced by org.mule.connectors:mule-jms-connector:[email protected] > commons-io:[email protected]
    This issue was fixed in versions: 2.7
  • ✗ Server-side Request Forgery (SSRF) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMULERUNTIME-1089457] in org.mule.runtime:[email protected]
    introduced by org.mule.runtime:[email protected]
    This issue was fixed in versions: 4.3.0
  • ✗ Improper Output Neutralization for Logs [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097] in org.springframework:[email protected]
    introduced by com.mulesoft.muleesb.modules:[email protected] > org.springframework:[email protected]
    This issue was fixed in versions: 5.3.12, 5.2.18
  • ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:[email protected]
    introduced by com.mulesoft.muleesb.modules:[email protected] > org.springframework:[email protected]
    This issue was fixed in versions: 5.2.19.RELEASE, 5.3.14
  • ✗ Multipart Content Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-460644] in org.springframework:[email protected]
    introduced by com.mulesoft.muleesb.modules:[email protected] > org.springframework:[email protected]
    This issue was fixed in versions: 4.3.14.RELEASE, 5.0.5.RELEASE
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:[email protected]
    introduced by org.mule.runtime:[email protected] > org.mule.runtime:[email protected] > org.springframework:[email protected] > org.springframework:[email protected]
    This issue was fixed in versions: 5.2.20.RELEASE, 5.3.17
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:[email protected]
    introduced by org.mule.connectors:mule-jms-connector:[email protected] > org.mule.connectors:[email protected] > org.springframework:[email protected] > org.springframework:[email protected]
    This issue was fixed in versions: 5.2.22.RELEASE, 5.3.20
  • ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:[email protected]
    introduced by org.mule.runtime:[email protected] > org.mule.runtime:[email protected] > org.springframework:[email protected]
    This issue was fixed in versions: 5.2.21, 5.3.19
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823310] in org.springframework:[email protected]
    introduced by org.mule.connectors:mule-jms-connector:[email protected] > org.mule.connectors:[email protected] > org.springframework:[email protected] > org.springframework:[email protected]
    This issue was fixed in versions: 5.2.22.RELEASE, 5.3.20
  • ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:[email protected]
    introduced by org.mule.runtime:[email protected] > org.yaml:[email protected]
    This issue was fixed in versions: 1.31
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:[email protected]
    introduced by org.mule.runtime:[email protected] > org.yaml:[email protected]
    This issue was fixed in versions: 1.26

Low Severity

  • ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:[email protected]
    introduced by org.mule.connectors:mule-jms-connector:[email protected] > com.google.guava:[email protected]
    This issue was fixed in versions: 30.0-android, 30.0-jre
  • ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:[email protected]
    introduced by org.mule.runtime:[email protected] > org.yaml:[email protected]
    This issue was fixed in versions: 1.32
  • ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:[email protected]
    introduced by org.mule.runtime:[email protected] > org.yaml:[email protected]
    This issue was fixed in versions: 1.31