Must-share information which versions are you using sonarqube 9.9.3.79811 and postgres15 how is SonarQube deployed: zip, Docker, Helm zip Hi experts, Two severity vulnerabilities CVE-2022-1471( SnakeYAML library for Java) and CVE-2024-1597(PostgreSQL JDBC Driver) was detected in our locally de…

Is Sonarqube affected by CVE-2022-1471 and CVE-2024-1597?

Colin (Colin) June 3, 2024, 8:49am 2

Hi,

I’ve unlisted your topic since you’re reporting a vulnerability. Our responsible disclosure policy asks that you email security@sonarsource.com rather than making public posts. Could you please re-send this to security@sonarsource.com!

Thanks!

Topic		Replies	Views
Which SonarQube Community version mitigates CVE-2024-1597? SonarQube Server / Community Build	4	95	November 8, 2024
CVE-2022-42889 effect on SonarQube SonarQube Server / Community Build security , cve	27	6805	November 25, 2022
CVE-2023-4911 vulnerability in Sonar image SonarQube Server / Community Build security	2	1074	October 11, 2023
CVE-2022-22970, CVE-2022-22971 Vulnerabilities in SonarQube 8.9 LTS SonarQube Server / Community Build sonarqube , security , spring , cve	1	1448	May 9, 2023
Is CVE-2022-42889, AKA Text4Shell vulnerability impacting SonarQube SonarQube Server / Community Build security , cve	1	1496	October 21, 2022