Changes in Update Released on 03-January-2024
This update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to Apache Struts Components
Added vulnerability information to the following apache-struts components:
| Component ID | Name | URL |
|---|---|---|
| 33042 | apache-struts | http://struts\.apache\.org |
| 565248 | struts2-core | https://repo1\.maven\.org/maven2/org/apache/struts/struts2\-core |
| 738786 | apache-struts | https://github\.com/apache/struts |
| 5398957 | struts | http://struts\.apache\.org/ |
Related to Vulnerability CVEs
- CVE-2023-50164 (https://nvd.nist.gov/vuln/detail/CVE-2023-50164).
Issues Addressed
The following issues were addressed in the Update:
| Issue ID | Issue Summary |
|---|---|
| SCA-51793 | Addition of vulnerability mappings for Apache struts component for CVE-2023-50164 (https://nvd\.nist\.gov/vuln/detail/CVE\-2023\-50164\)\. Updated component/version info for the below components |
| SCA-51532 | Addition of new licenses to data library MICROSOFT.WEB.XDT and MICROSOFT ASP.NET SIGNALR and also updating component/version information for Nuget components |
| SCA-51265, SCA-51033 | Updating component/version information for Npmjs/Pypi components. |
Collector Status
The following table lists Collector Status information.
| Name | Date of Last Successful Run |
|---|---|
| npm | 12/28/2023 |
| crates | 8/25/2022 |
| cpan | 12/28/2023 |
| clojars | 12/28/2023 |
| rubygems | 12/21/2023 |
| maven-google | 12/22/2023 |
| cran | 12/23/2023 |
| hackage | 12/24/2023 |
| packagist | 12/24/2023 |
| go | 12/27/2023 |
| pypi | 12/27/2023 |
| nuget gallery | 12/21/2023 |
| maven2-ibiblio | 12/06/2023 |
| github | 12/27/2023 |
| fedora-koji | 12/13/2023 |
| alpine | 12/27/2023 |
| gitlab | 6/6/2023 |
| debian | 12/25/2023 |