  1. Service Orchestrator
  2. SO-3735

SO Critical vulnerability tomcat-catalina upgrade.


    • Type: Bug
    • Resolution: Done
    • Priority: Medium
    • Jakarta Release
    • Istanbul Release
    • None

      so

      | Status | Priority | Component name and version | CVE | Threat level | Recommended version | Project's assessment |
      |---|---|---|---|---|---|---|
      | | | Log4j : log4j : 1.2.17 | CVE-2019-17571, SONATYPE-2010-0053 | 9, 7 | org.apache.logging.log4j : log4j-core 2.14.1 | Its transitive dependency of org.onap.aaf.authz:aaf-misc-env:jar:2.1.21:runtime |
      | OPEN | 1 | org.apache.tomcat : tomcat-catalina : 9.0.30 | CVE-2020-9484, CVE-2021-24122 | 7, 5 | 10.0.5 | Build failed after upgrade to 10.0.5 |
      | OPEN | 2 | org.exist-db.thirdparty.xerces : xercesImpl : 2.12.0 | SONATYPE-2017-0348 | 5 | 2.12.1 | citrus-core:jar:2.8.0 Internal dependency |
      | OPEN | 2 | org.glassfish.jersey.core : jersey-common : 2.22.1 | CVE-2021-28168 | 5 | 3.0.2 | Internal dependency from jersey-client:jar:2.26 |
      | OPEN | 2 | org.glassfish.jersey.core : jersey-common : 2.30.1 | CVE-2021-28168 | 5 | 3.0.2 | Internal dependency from jersey-client:jar:2.26 |

            shashikanth.vh
            seshukm