CVEs Impacting Insight

JFrog Release Information


The following is a list of CVEs that were discovered to impact Insight and were fixed.

| CVE | Severity | Insight Fix Version | Fix Description |
| --- | --- | --- | --- |
| CVE-2022-45688 | High | 1.14.0 | Upgraded org.json. |
| CVE-2023-1370 | High | 1.13.5 | Upgraded json-smart to version 2.4.9. |
| CVE-2022-42003 | High | 1.13.5 | Upgraded jackson-databind to version 2.13.4.2. |
| CVE-2022-45143 | High | 1.13.3 | Upgraded tomcat-embed-core to version 9.0.69. |
| CVE-2022-31692 | Critical | 1.13.0 | Upgraded spring-security-web to version 5.7.5. Upgraded spring-bootcore to version 2.7.5. |
| CVE-2022-23181 | High | 1.7.0 | Upgraded tomcat-embed-core to version 9.0.58. |
| CVE-2021-22060 | Medium | 1.6.0 | Upgraded spring-web to version 5.3.14. |
| CVE-2021-42550 | Medium | 1.5.0 | Upgraded logback version to 1.2.9. |
| CVE-2021-22096 | Medium | 1.4.0 | Upgraded spring-web to version 5.3.12. |