[
https://issues.apache.org/jira/browse/TOMEE-4254?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Zowalla resolved TOMEE-4254.
------------------------------------
Resolution: Fixed
> Port fix for CVE-2023-42795
> ---------------------------
>
> Key: TOMEE-4254
> URL: https://issues.apache.org/jira/browse/TOMEE-4254
> Project: TomEE
> Issue Type: Dependency upgrade
> Affects Versions: 9.1.0
> Reporter: Richard Zowalla
> Assignee: Richard Zowalla
> Priority: Major
> Labels: CVE
> Fix For: 9.1.1
>
>
> Important: Information Disclosure CVE-2023-42795
> When recycling various internal objects, including the request and the
> response, prior to re-use by the next request/response, an error could cause
> Tomcat to skip some parts of the recycling process leading to information
> leaking from the current request/response to the next.
> This was fixed with commit 9375d671.
> This issue was identified by the Tomcat Security Team on 13 September 2023.
> The issue was made public on 10 October 2023.
> Affects: 10.1.0-M1 to 10.1.13
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
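
The failure mode described in the quoted advisory, shown as an added example: this is not part of the original message, not Tomcat's code, and not the content of commit 9375d671. It is a simplified Java model in which an error during recycling leaves one request's state on a pooled object, next to a variant that always clears state and reports whether the object is safe to reuse; `PooledRequest`, `releaseResources`, `recycleFragile` and `recycleRobust` are hypothetical names.

```java
import java.util.ArrayList;
import java.util.List;

public class RecycleDemo {
    // Hypothetical pooled request object; a simplified model, not Tomcat's Request class.
    static class PooledRequest {
        String user;
        final List<String> params = new ArrayList<>();
        boolean failCleanup; // constructed switch that simulates an error during recycling

        void releaseResources() {
            if (failCleanup) throw new IllegalStateException("cleanup failed");
        }

        // Fragile: an exception in the first step skips every later reset.
        void recycleFragile() {
            releaseResources();
            user = null;
            params.clear();
        }

        // Robust: per-request state is cleared even when cleanup throws.
        // Returns false so the caller can discard the object instead of pooling it.
        boolean recycleRobust() {
            boolean clean = true;
            try {
                releaseResources();
            } catch (RuntimeException e) {
                clean = false;
            } finally {
                user = null;
                params.clear();
            }
            return clean;
        }
    }

    public static void main(String[] args) {
        PooledRequest fragile = new PooledRequest();
        fragile.user = "alice"; fragile.params.add("token=constructed-secret");
        fragile.failCleanup = true;
        try { fragile.recycleFragile(); } catch (RuntimeException e) { /* error swallowed, object reused */ }
        System.out.println("fragile reuse: user=" + fragile.user + " params=" + fragile.params);

        PooledRequest robust = new PooledRequest();
        robust.user = "alice"; robust.params.add("token=constructed-secret");
        robust.failCleanup = true;
        boolean reusable = robust.recycleRobust();
        System.out.println("robust reuse: user=" + robust.user + " params=" + robust.params + " reusable=" + reusable);
    }
}
```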