14 lines
1.9 KiB
JSON
14 lines
1.9 KiB
JSON
{
|
|
"id": "openEuler-SA-2024-1072",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1072",
|
|
"title": "An update for testng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
|
|
"severity": "Important",
|
|
"description": "TestNG is a testing framework inspired from JUnit and NUnit but introducing some new functionality that make it more powerful and easier to use, such as: * Annotations. * Run your tests in arbitrarily big thread pools with various policies available (all methods in their own thread, one thread per test class, etc...). * Test that your code is multithread safe. * Flexible test configuration. * Support for data-driven testing (with @DataProvider). * Support for parameters. * Powerful execution model (no more TestSuite). * Supported by a variety of tools and plug-ins (Eclipse, IDEA, Maven, etc...). * Embeds BeanShell for further flexibility. * Default JDK functions for runtime and logging (no dependencies). * Dependent methods for application server testing.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027.(CVE-2022-4065)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-4065",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4065",
|
|
"severity": "Important"
|
|
}
|
|
]
|
|
} |