[ https://issues.apache.org/jira/browse/TOMEE-2789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Wiesner updated TOMEE-2789:
----------------------------------
    Fix Version/s: 7.0.8

> TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.
> ------------------------------------------------------------------------------
>
>                 Key: TOMEE-2789
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2789
>             Project: TomEE
>          Issue Type: Bug
>    Affects Versions: 7.0.7
>            Reporter: Jayaprakash
>            Priority: Critical
>             Fix For: 7.0.8
>
>
> TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version which is affected by
> vulnerability CVE-2020-1938(BDSA-2020-0339) with CVSS score of *9.8* which
> causes {{Information Disclosure and Potential Remote Code Execution via
> Apache JServ Protocol (AJP) Connector}}
> Apache Tomcat(8.5.51) addresses this vulnerability. Is there any scheduled
> release of TomEE plus(7.0.7) with this component?
> If not planned, can you please upgrade TomEE plus(7.0.7) with Apache
> Tomcat(8.5.51) version or later which addresses this vulnerability.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)