You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.
Identifier | Component | Issue | Solution |
---|---|---|---|
BQ-15678 | Customer Data Service, DCM Lists Service, JAVA Runtime | A user can provide a specially crafted SpEL expression that may cause a denial-of-service condition. | The fix provided in the Spring Framework is applied to Blueriq 14 and 13 by upgrading Spring Framework to a newer patch version. For other Blueriq versions, no patch is provided by the Spring Framework. |
BQ-15586 | Customer Data Service, DCM Lists Service, JAVA Runtime | CVE-2022-22965: a Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. | Fixed by upgrading Spring Framework to newer patch versions. |
BQ-15505 | Customer Data Service, DCM Lists Service, JAVA Runtime | CVE-2020-36518 was detected in jackson-databind versions before 2.13.2.1. | Fixed by upgrading to the latest version of jackson-databind, which does not contain the vulnerability. |