Common Controller SDK / CCSDK-979

Multiple CVEs - upgrade embedded tomcat to 8.5.32 or higher

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: Dublin Release
    • Fix Version/s: Dublin Release
    • Component/s: apps

      Description

       

      tomcat-embed-core versions prior to 8.5.32 are vulnerable to the following CVEs:

      CVE-2018-8014

      CVE-2017-12617

      CVE-2017-7675

      CVE-2018-1336

      CVE-2018-1305

      CVE-2018-1304

      CVE-2018-8037

      CVE-2017-7674

      CVE-2018-11784

      CVE-2018-8034

      tomcat-embed-websocket versions prior to 8.5.32 are vulnerable to CVE-2018-8034.

      Note: these dependencies are inherited from spring-boot-starter-tomcat version 1.5.16.RELEASE. Upgrading to the latest 1.5.x version (1.5.19.RELEASE) will address this issue, since it is based on embedded tomcat version 8.5.37.
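
One way to confirm which embedded Tomcat version a build actually resolves is to scan `mvn dependency:tree` output for the two artifacts named above. This is an added example, not code from the ticket or the CCSDK project; the sample tree lines and the function names are constructed for illustration.

```python
import re

# Threshold and artifact names are taken from the ticket text.
MIN_FIXED = (8, 5, 32)
ARTIFACTS = {"tomcat-embed-core", "tomcat-embed-websocket"}

# Coordinates as printed by `mvn dependency:tree`:
# groupId:artifactId:packaging:version:scope
COORD = re.compile(
    r"org\.apache\.tomcat\.embed:(?P<artifact>[\w.-]+):jar:"
    r"(?P<version>[^:\s]+):(?P<scope>\w+)"
)

# Constructed sample output (not from the CCSDK build); 8.5.31 stands in
# for "a version prior to 8.5.32", 8.5.37 is the version named in the ticket.
SAMPLE_BEFORE = """\
[INFO] +- org.springframework.boot:spring-boot-starter-tomcat:jar:EXAMPLE:compile
[INFO] |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.31:compile
[INFO] |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.5.31:compile
[INFO] |  \\- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.31:compile
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("8.5.31", "8.5.37")


def parse_version(text):
    """'8.5.31' -> (8, 5, 31); any non-numeric suffix is ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text)
    if match is None:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def find_outdated(tree_output, minimum=MIN_FIXED):
    """Return (artifact, version) pairs below `minimum`.

    Plain numeric comparison, intended for the 8.5.x line the ticket covers.
    """
    findings = []
    for line in tree_output.splitlines():
        match = COORD.search(line)
        if match is None or match.group("artifact") not in ARTIFACTS:
            continue
        if parse_version(match.group("version")) < minimum:
            findings.append((match.group("artifact"), match.group("version")))
    return findings


if __name__ == "__main__":
    for artifact, version in find_outdated(SAMPLE_BEFORE):
        print(f"UPGRADE NEEDED: {artifact} {version} < 8.5.32")
```

Because the check reads the resolved tree rather than the POM, it also catches a transitive dependency or a `tomcat.version` override that pins an older version after the Spring Boot upgrade.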

              People

              Assignee:
              djtimoney Dan Timoney
              Reporter:
              djtimoney Dan Timoney