CVE-2022-45047 - Deserialization of Untrusted Data vulnerability in org.apache.sshd:sshd-common

Resolves #16779
2023-02-01 20:24:18 -03:00 · 2023-02-01 20:24:18 -03:00 · 963b7fbc9d
commit 963b7fbc9d
parent d32cc7c3f9
1 changed files with 7 additions and 1 deletions
--- a/pom.xml
+++ b/pom.xml
@ -121,7 +121,8 @@
        <okhttp.version>4.10.0</okhttp.version>
        <!-- Override of SnakeYAML to fix multiple CVEs -->
        <org.yaml.snakeyaml.version>1.33</org.yaml.snakeyaml.version>
-
+        <!-- Override sshd-common to fix CVE-2022-45047 -->
+        <org.apache.sshd.version>2.9.2</org.apache.sshd.version>
        <!-- Openshift -->
        <version.com.openshift.openshift-restclient-java>9.0.5.Final</version.com.openshift.openshift-restclient-java>

@ -301,6 +302,11 @@
                <artifactId>snakeyaml</artifactId>
                <version>${org.yaml.snakeyaml.version}</version>
            </dependency>
+            <dependency>
+                <groupId>org.apache.sshd</groupId>
+                <artifactId>sshd-common</artifactId>
+                <version>${org.apache.sshd.version}</version>
+            </dependency>
            <dependency>
                <groupId>org.keycloak</groupId>
                <artifactId>keycloak-dependencies-admin-ui-wrapper</artifactId>