Description
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.
Remediation
References
https://lists.apache.org/thread/z7084r9cs2r26cszkkgjqpb5bhnxqssp
Related Vulnerabilities
CVE-2020-17534 Vulnerability in maven package org.netbeans.html:webkit
CVE-2020-28923 Vulnerability in maven package com.typesafe.play:play
CVE-2020-13925 Vulnerability in maven package org.apache.kylin:kylin-server
CVE-2023-3432 Vulnerability in maven package net.sourceforge.plantuml:plantuml
CVE-2021-22060 Vulnerability in maven package org.springframework:spring-core