Common Controller SDK / CCSDK-979

Multiple CVEs - upgrade embedded tomcat to 8.5.32 or higher


    • Bug
    • Resolution: Done
    • Medium
    • Dublin Release
    • apps

       

      tomcat-embed-core versions prior to 8.5.32 are vulnerable to the following CVEs:

        • CVE-2018-8014
        • CVE-2017-12617
        • CVE-2017-7675
        • CVE-2018-1336
        • CVE-2018-1305
        • CVE-2018-1304
        • CVE-2018-8037
        • CVE-2017-7674
        • CVE-2018-11784
        • CVE-2018-8034

      tomcat-embed-websocket versions prior to 8.5.32 are vulnerable to CVE-2018-8034.

      Note: these dependencies are inherited from spring-boot-starter-tomcat version 1.5.16.RELEASE. Upgrading to the latest 1.5.x version (1.5.19.RELEASE) will address this issue, since it is based on embedded tomcat version 8.5.37.

            djtimoney Dan Timoney
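
An added example, not part of the original issue or the CCSDK code: a check over `mvn dependency:tree` output that flags embedded Tomcat artifacts below the 8.5.32 floor stated in the description. The sample tree, the function names and the status labels are constructed for illustration; versions on a newer release line are reported as not assessed because the issue gives no floor for them.

```python
import re

# Floor from the issue text: tomcat-embed artifacts below 8.5.32 are affected.
MIN_FIXED = (8, 5, 32)

# group:artifact:type:version:scope, as printed by `mvn dependency:tree`.
COORD = re.compile(
    r"org\.apache\.tomcat\.embed:(tomcat-embed-[\w-]+):jar:([^:\s]+):\w+"
)


def parse_version(text):
    """Return the leading numeric part of a version as a 3-tuple of ints."""
    m = re.match(r"\d+(?:\.\d+){0,2}", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_tree(tree_text):
    """Classify every embedded Tomcat artifact found in dependency-tree output."""
    findings = {}
    for artifact, raw in COORD.findall(tree_text):
        version = parse_version(raw)
        if version is None:
            status = "unparsed"
        elif version < MIN_FIXED:
            status = "vulnerable"
        elif version[:2] == MIN_FIXED[:2]:
            status = "ok"
        else:
            # Newer release line: the issue gives no floor for it.
            status = "not-assessed"
        findings[artifact] = (raw, status)
    return findings


# Constructed sample output (not taken from the CCSDK build).
SAMPLE_TREE = """\
[INFO] org.example:demo-app:jar:0.0.1-SNAPSHOT
[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.31:compile
[INFO] +- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.37:compile
[INFO] \\- org.apache.tomcat.embed:tomcat-embed-el:jar:9.0.14:compile
"""

if __name__ == "__main__":
    for name, (ver, status) in sorted(audit_tree(SAMPLE_TREE).items()):
        print(f"{name:26} {ver:10} {status}")
```

Run it against the resolved tree after the spring-boot upgrade, since an explicit version pin elsewhere in the build can still hold an embedded Tomcat artifact below the floor.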