  1. Network Controller
  2. SDNC-610

Multiple CVEs - upgrade embedded tomcat to 8.5.32 or higher

    Details

    • Sprint:
      SDNC Dublin Spr 3 3/11 - 3/29, SDNC Fr Sp2:11/23-12/13

      Description

       

      tomcat-embed-core versions prior to 8.5.32 are vulnerable to the following CVEs:

      CVE-2018-8014

      CVE-2017-12617

      CVE-2017-7675

      CVE-2018-1336

      CVE-2018-1305

      CVE-2018-1304

      CVE-2018-8037

      CVE-2017-7674

      CVE-2018-11784

      CVE-2018-8034

       tomcat-embed-websocket versions prior to 8.5.32 are vulnerable to CVE-2018-8034

      Note: these dependencies are inherited from spring-boot-starter-tomcat version 1.5.16.RELEASE. Upgrading to the latest 1.5.x version (1.5.19.RELEASE) will address this issue, since it is based on embedded Tomcat version 8.5.37.
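A check for the condition this ticket describes, as an added example (not part of the ticket or the SDNC code base): it scans `mvn dependency:tree` output for tomcat-embed-core and tomcat-embed-websocket resolved below 8.5.32. The module names and versions in the sample tree are constructed, and the function names are hypothetical.

```python
import re
import sys

# Floor taken from the ticket: versions prior to 8.5.32 are affected.
FLOOR = (8, 5, 32)
# The two artifacts the ticket names; other tomcat-embed-* jars are ignored.
ARTIFACTS = ("tomcat-embed-core", "tomcat-embed-websocket")

# A dependency:tree coordinate looks like group:artifact:type:version[:scope].
COORD = re.compile(
    r"org\.apache\.tomcat\.embed:(?P<artifact>[\w-]+):jar:"
    r"(?P<version>\d+(?:\.\d+)*)"
)

def parse_version(text):
    """Turn '8.5.31' into (8, 5, 31) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def find_outdated(tree_output, floor=FLOOR):
    """Return sorted, de-duplicated (artifact, version) pairs below the floor.

    This is a plain floor comparison as the ticket states it; other Tomcat
    release lines have their own fixed versions and are not assessed here.
    """
    hits = set()
    for line in tree_output.splitlines():
        match = COORD.search(line)
        if not match or match.group("artifact") not in ARTIFACTS:
            continue
        if parse_version(match.group("version")) < floor:
            hits.add((match.group("artifact"), match.group("version")))
    return sorted(hits)

# Constructed sample of multi-module `mvn dependency:tree` output.
SAMPLE_TREE = """\
[INFO] com.example:module-a:jar:0.0.1-SNAPSHOT
[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.31:compile
[INFO] +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.5.31:compile
[INFO] \\- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.31:compile
[INFO] com.example:module-b:jar:0.0.1-SNAPSHOT
[INFO] +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.37:compile
[INFO] \\- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.37:compile
"""

if __name__ == "__main__":
    # Reads real output from stdin when piped, otherwise uses the sample.
    text = SAMPLE_TREE if sys.stdin.isatty() else sys.stdin.read()
    outdated = find_outdated(text)
    for artifact, version in outdated:
        print(f"{artifact} {version} is below 8.5.32")
    sys.exit(1 if outdated else 0)
```

Piping `mvn dependency:tree` into the script in a build job makes the non-zero exit status fail the build when an affected version is still resolved.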

              People

              Assignee:
              Unassigned
              Reporter:
              djtimoney Dan Timoney