You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Jayaprakash (Jira)" <ji...@apache.org> on 2020/03/24 09:38:00 UTC

[jira] [Created] (TOMEE-2791) TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability

Jayaprakash created TOMEE-2791:
----------------------------------

             Summary: TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability
                 Key: TOMEE-2791
                 URL: https://issues.apache.org/jira/browse/TOMEE-2791
             Project: TomEE
          Issue Type: Bug
    Affects Versions: 7.0.7
            Reporter: Jayaprakash
             Fix For: 7.0.7


TomEE plus version is using xmlsec-2.0.6.jar (Apache Santuario) version which is affected by vulnerability CVE-2019-12400 with CVSS score of 5.5 which is leading to potential security flaws.  
Please confirm if this vulnerability impacts version 7.0.7 ?

Please upgrade to 2.1.4 version which has an official fix to address this issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)