[ https://issues.apache.org/jira/browse/TOMEE-4235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Zowalla closed TOMEE-4235.
----------------------------------

    Fix Version/s:     (was: 10.0.0-M1)
                       (was: 9.1.1)
       Resolution: Fixed

> Bouncy Castle 1.75
> ------------------
>
>                 Key: TOMEE-4235
>                 URL: https://issues.apache.org/jira/browse/TOMEE-4235
>             Project: TomEE
>          Issue Type: Dependency upgrade
>    Affects Versions: 9.1.0
>            Reporter: Nikhil
>            Assignee: Richard Zowalla
>            Priority: Minor
>             Fix For: 10.0.0
>
>
> h1. Vulnerability Details
> h2. CVE-2023-33201
>
> {*}Summary{*}: Bouncy Castle For Java before 1.74 is affected by an LDAP
> injection vulnerability. The vulnerability only affects applications that use
> an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During
> the certificate validation process, Bouncy Castle inserts the certificate's
> Subject Name into an LDAP search filter without any escaping, which leads to
> an LDAP injection vulnerability.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
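The root cause named in the CVE summary is a filter built by string concatenation with an unescaped Subject Name. The following is an added illustration, not Bouncy Castle or TomEE code, of that pattern next to the corrected form: the value is escaped per RFC 4515 before it is embedded. The attribute name `subject` and the sample DN are constructed for the example.

```java
/** Added example: RFC 4515 escaping for values embedded in an LDAP search filter. */
public final class LdapFilterEscape {

    private LdapFilterEscape() {}

    /** Escape the characters RFC 4515 reserves inside a filter assertion value. */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Vulnerable pattern: the Subject Name goes into the filter verbatim. */
    public static String buildFilterUnsafe(String attribute, String subjectName) {
        return "(" + attribute + "=" + subjectName + ")";
    }

    /** Corrected pattern: the Subject Name is escaped before it is embedded. */
    public static String buildFilterSafe(String attribute, String subjectName) {
        return "(" + attribute + "=" + escapeFilterValue(subjectName) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample DN whose CN carries filter metacharacters.
        String subject = "CN=Example (Test)*,O=Example Corp";
        System.out.println("unsafe: " + buildFilterUnsafe("subject", subject));
        // unsafe: (subject=CN=Example (Test)*,O=Example Corp)
        System.out.println("safe:   " + buildFilterSafe("subject", subject));
        // safe:   (subject=CN=Example \28Test\29\2a,O=Example Corp)
    }
}
```

With JNDI, the same result is obtained by passing the value as a `{0}` filter argument to `DirContext.search(String, String, Object[], SearchControls)`, which escapes it for you; the CertStore bypass in the CVE is the case where neither route was taken.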