-
Bug
-
Resolution: Done
-
Medium
-
Dublin Release
tomcat-embed-core versions prior to 8.5.32 are vulnerable to the following CVEs:
CVE-2018-8014
CVE-2017-12617
CVE-2017-7675
CVE-2018-1336
CVE-2018-1305
CVE-2018-1304
CVE-2018-8037
CVE-2017-7674
CVE-2018-11784
CVE-2018-8034
tomcat-embed-websocket versions prior to 8.5.32 are vulnerable to CVE-2018-8034
Note: these dependencies are inherited from spring-boot-starter-tomcat version 1.5.16.RELEASE. Upgrading to latest 1.5.x version (1.5.19.RELEASE) will address this issue, since it is based on embedded tomcat version 8.5.37
- is cloned by
-
SDNC-610 Multiple CVEs - upgrade embedded tomcat to 8.5.32 or higher
- Closed