[TOMEE-2791] TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability - ASF JIRA

Attach files

Attach Screenshot

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Auto Closed
Affects Version/s: 7.0.7
Fix Version/s: 7.0.7
Component/s: None
Labels:
None

Description

TomEE plus version is using xmlsec-2.0.6.jar (Apache Santuario) version which is affected by vulnerability CVE-2019-12400 with CVSS score of 5.5 which is leading to potential security flaws.
Please confirm if this vulnerability impacts version 7.0.7 ?

Please upgrade to 2.1.4 version which has an official fix to address this issue.

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned

Reporter:: Jayaprakash

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Mar/20 09:37

Updated:: 17/May/23 19:32

Resolved:: 17/May/23 19:32

Agile

View on Board

TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment