You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Pardeep Kumar (Jira)" <ji...@apache.org> on 2020/10/13 08:57:00 UTC

[jira] [Created] (TOMEE-2908) TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability

Pardeep Kumar created TOMEE-2908:
------------------------------------

             Summary: TomEE plus is affected by CVE-2020-7226 (BDSA-2020-2333) vulnerability
                 Key: TOMEE-2908
                 URL: https://issues.apache.org/jira/browse/TOMEE-2908
             Project: TomEE
          Issue Type: Bug
            Reporter: Pardeep Kumar


TomEE plus version is using the *cryptacular-1.0.jar* which is affected by vulnerability CVE-2020-7226 (BDSA-2020-2333) with a CVSS score of 6.5 which causes denial-of-service (DoS) due to the mismanagement of system memory resources.


Please confirm if this vulnerability impacts version 7.0.7, 7.0.8, 7.1.2, and 7.1.3?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)