Comments (2)
Hello @heyams, you are correct - the GitHub page indeed does not have an affected version explicitly specified and the NVD page has had an "awaiting analysis" banner for a while. Yet the description states that versions before 9.37.2 are affected, which can be further seen in the fix for PasswordBasedDecrypter - https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/.
Vulnerability description at Sonatype
We also see other projects upgrading the libraries to fix the vulnerability:
- microsoft-authentication-library-for-android
- Wildfly
Whether you want to upgrade now or wait for the issue to be analyzed is fully up to you. We are not aware if the vulnerability actually affects ApplicationInsights directly.
from applicationinsights-java.
@mightymoogle I understand your concern. However, that CVE hasn't listed the impacted version. I guess it's still under investigation?