Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Medium
Fix Version/s: Guilin Release
Affects Version/s: Dublin Release
Component/s: sdnc-oam
Labels:
- El_Alto_Early_Drop
- Security

Epic Link:
Security bugs
Sprint:
SDNC Dublin Spr 3 3/11 - 3/29, SDNC Fr Sp2:11/23-12/13

tomcat-embed-core versions prior to 8.5.32 are vulnerable to the following CVEs:

CVE-2018-8014

CVE-2017-12617

CVE-2017-7675

CVE-2018-1336

CVE-2018-1305

CVE-2018-1304

CVE-2018-8037

CVE-2017-7674

CVE-2018-11784

CVE-2018-8034

tomcat-embed-websocket versions prior to 8.5.32 are vulnerable to CVE-2018-8034

Note: these dependencies are inherited from spring-boot-starter-tomcat version 1.5.16.RELEASE. Upgrading to latest 1.5.x version (1.5.19.RELEASE) will address this issue, since it is based on embedded tomcat version 8.5.37

clones

CCSDK-979 Multiple CVEs - upgrade embedded tomcat to 8.5.32 or higher

Closed

mentioned in: Page Loading...; Page Loading...

Assignee:: Dan Timoney

Reporter:: Dan Timoney

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 23/Jan/19 8:15 PM

Updated:: 09/Sep/20 12:41 PM

Resolved:: 09/Sep/20 12:41 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates