Is SonarQube Vulnerable to CVE-2019-18935

tomf · February 5, 2020, 9:40am

Morning,

As we use SonarQube in our estate. I just wanted to query if any aspect of any of the SonarQube releases use any of the Telerik UI libraries, as we have been made aware that in certain (older) versions of this the below vulnerability is present;

https://nvd.nist.gov/vuln/detail/CVE-2019-18935

Does the SonarQube tooling make use of any of these Telerik libraries?

Cheers,

Tom

eric.therond · February 5, 2020, 1:46pm

Hello @tomf

Welcome to the community!

We don’t use Telerik UI libraries and, more generally, we try to carefully review and fix, as soon as possible, each vulnerabilities in components we can use.

Eric

tomf · February 5, 2020, 2:02pm

Thanks Eric! =)

Tom