[TOMEE-2791] TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Auto Closed
Affects Version/s: 7.0.7
Fix Version/s: 7.0.7
Component/s: None
Labels:
None

Description

TomEE plus version is using xmlsec-2.0.6.jar (Apache Santuario) version which is affected by vulnerability CVE-2019-12400 with CVSS score of 5.5 which is leading to potential security flaws.
Please confirm if this vulnerability impacts version 7.0.7 ?

Please upgrade to 2.1.4 version which has an official fix to address this issue.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Jayaprakash

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Mar/20 09:37

Updated:: 17/May/23 19:32

Resolved:: 17/May/23 19:32