Apache 2.17 Security Vulnerability h2-1.4.197.jar and spring-context-5.3.39.jar #12343

@Maflend

Hello,

I use nuget "Apache.Ignite" with version "2.17.0" and I get an error when checking for vulnerabilities:

Library: com.h2database:h2 (h2-1.4.197.jar)

Vulnerability: CVE-2021-42392 (CRITICAL)
Fixed Version: 2.0.206
Title: Remote Code Execution in Console https://avd.aquasec.com/nvd/cve-2021-42392

Vulnerability: CVE-2022-23221 (CRITICAL)
Fixed Version: 2.1.210
Title: Loading of custom classes from remote servers through https://avd.aquasec.com/nvd/cve-2022-23221

Link to the MVN where these vulnerabilities are listed: https://mvnrepository.com/artifact/com.h2database/h2/1.4.197

Library: org.springframework:spring-context (spring-context-5.3.39.jar)

Vulnerability: CVE-2024-38820 (MEDIUM)
Fixed Version: 6.1.14
Title: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder ... https://avd.aquasec.com/nvd/cve-2024-38820

Vulnerability: CVE-2025-22233 (LOW)
Fixed Version: 6.2.7, 6.1.20
Title: CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ... https://avd.aquasec.com/nvd/cve-2025-22233

Are you planning to update versions to fix vulnerabilities?
