[ 
https://issues.apache.org/jira/browse/TOMEE-2789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martin Wiesner updated TOMEE-2789:
----------------------------------
    Fix Version/s: 7.0.8

> TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability. 
> ------------------------------------------------------------------------------
>
>                 Key: TOMEE-2789
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2789
>             Project: TomEE
>          Issue Type: Bug
>    Affects Versions: 7.0.7
>            Reporter: Jayaprakash
>            Priority: Critical
>             Fix For: 7.0.8
>
>
> TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version which is affected by 
> vulnerability CVE-2020-1938(BDSA-2020-0339) with CVSS score of *9.8* which 
> causes {{Information Disclosure and Potential Remote Code Execution via 
> Apache JServ Protocol (AJP) Connector}}
> Apache Tomcat(8.5.51) addresses this vulnerability. Is there any scheduled 
> release of TomEE plus(7.0.7) with this component? 
> If not planned, can you please upgrade TomEE plus(7.0.7) with Apache 
> Tomcat(8.5.51) version or later which addresses this vulnerability. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
