Details
Description
TomEE plus version is using BouncyCastle(BC) 1.63 version which is affected by vulnerability CVE-2019-17359 (BDSA-2019-3168) with CVSS score of 7.5 which causes DenialOfService issue thereby causing OutOfMemory error.
Please confirm if this vulnerability impacts version 7.0.7, 7.1.2 and 8.0.1. ?
Please upgrade to BC 1.64 which has an official fix to address this issue.