Jayaprakash created TOMEE-2791: ---------------------------------- Summary: TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability Key: TOMEE-2791 URL: https://issues.apache.org/jira/browse/TOMEE-2791 Project: TomEE Issue Type: Bug Affects Versions: 7.0.7 Reporter: Jayaprakash Fix For: 7.0.7
TomEE plus version is using xmlsec-2.0.6.jar (Apache Santuario) version which is affected by vulnerability CVE-2019-12400 with CVSS score of 5.5 which is leading to potential security flaws. Please confirm if this vulnerability impacts version 7.0.7 ? Please upgrade to 2.1.4 version which has an official fix to address this issue. -- This message was sent by Atlassian Jira (v8.3.4#803005)