@zxhvdf What tool did you use for the scanning?
This is an internal company-wide tool, and I'm sorry I don't have the authority to provide it directly to you, but it works by identifying all the components and determining whether they are vulnerable at once (the specified version that was scanned). You can do this with another alternative code vulnerability scanning tool.
What is certain now is that it recognizes:
Location:
OpenJDK17U-jre_x64_windows_hotspot_17.0.XXX.zip_/jdk-17.XXX-jre/bin/javajpeg.dll
OpenJDK17U-jre_x64_windows_hotspot_17.0.XXX.zip_/jdk-17.XXX-jre/bin/splashscreen.dll
Component name: libjpeg
Version number: 6b
We look forward to receiving your latest news.
Please provide a brief summary of the bug
I'm a security engineer and my company has been using your team's JDK artifacts, but a recent security scan reported 8 vulnerabilities in javajpeg.dll. I then tried to update the JDK to version 21 and found that these 8 vulnerabilities still exist. Therefore, for security reasons, we would like to know whether your team has a plan to resolve the vulnerabilities in javajpeg at some point. We look forward to your reply.
Did you test with the latest update version?
Please provide steps to reproduce where possible
1. Scan OpenJDK17U-jdk_x64_windows_hotspot_17.0.14_7.zip from
https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.14%2B7/OpenJDK17U-jdk_x64_windows_hotspot_17.0.14_7.zip
I still get 8 vulnerabilities, for libjpeg version 6b.
This is the list of files the vulnerabilities come from:
This is the list of vulnerabilities:
CVE-2020-14152
CVE-2020-14153
CVE-2021-39515
CVE-2021-39516
CVE-2021-39517
CVE-2021-39518
CVE-2021-39519
CVE-2021-39520
2. I tried scanning OpenJDK21U; the vulnerabilities still exist.
3. I want to know your team's view on these vulnerabilities. If you can let me know your solution, I can't thank you enough.
Expected Results
Expect an artifact without vulnerabilities.
Actual Results
The OpenJDK17U artifact reports vulnerabilities.
What Java Version are you using?
OpenJDK17U
What is your operating system and platform?
No response
How did you install Java?
No response
Did it work before?
Did you test with other Java versions?
Relevant log output