You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Guzman Castanedo (Jira)" <ji...@apache.org> on 2022/09/15 07:54:00 UTC

[jira] [Created] (TOMEE-4047) CVE-2022-29885 vulnerability on TomEE 7.0.9 version

Guzman Castanedo created TOMEE-4047:
---------------------------------------

             Summary: CVE-2022-29885 vulnerability on TomEE 7.0.9 version
                 Key: TOMEE-4047
                 URL: https://issues.apache.org/jira/browse/TOMEE-4047
             Project: TomEE
          Issue Type: Bug
    Affects Versions: 7.0.9
            Reporter: Guzman Castanedo
             Fix For: 7.0.10


Hello,

We are using TomEE 7.0.9 and we have found that this version is affected by CVE-2022-29885, because it uses internally tomcat 8.5.57.

The tomcat versions affected by this vulnerability are between 8.5.38 and 8.5.78.

It is planned to fix this issue on next TomEE 7.0 versions?

 

We have found the same problem in TomEE 7.1 version.

 

References:
 * [https://nvd.nist.gov/vuln/detail/CVE-2022-29885]

 

Thank you very much.

Best regards.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)