[ 
https://issues.apache.org/jira/browse/TOMEE-4235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Richard Zowalla closed TOMEE-4235.
----------------------------------
    Fix Version/s:     (was: 10.0.0-M1)
                       (was: 9.1.1)
       Resolution: Fixed

> Bouncy Castle 1.75
> ------------------
>
>                 Key: TOMEE-4235
>                 URL: https://issues.apache.org/jira/browse/TOMEE-4235
>             Project: TomEE
>          Issue Type: Dependency upgrade
>    Affects Versions: 9.1.0
>            Reporter: Nikhil
>            Assignee: Richard Zowalla
>            Priority: Minor
>             Fix For: 10.0.0
>
>
> h1. Vulnerability Details
> h2. CVE-2023-33201
>  
> {*}Summary{*}: Bouncy Castle For Java before 1.74 is affected by an LDAP 
> injection vulnerability. The vulnerability only affects applications that use 
> an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During 
> the certificate validation process, Bouncy Castle inserts the certificate's 
> Subject Name into an LDAP search filter without any escaping, which leads to 
> an LDAP injection vulnerability.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
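
The following is an added example, not part of the original message and not Bouncy Castle's code or its fix. It shows the pattern the CVE summary describes: a certificate subject value placed into an LDAP search filter as-is, next to the same filter built with RFC 4515 escaping. The class and method names, the `cn` attribute and the sample name are assumptions made for illustration.

```java
public class LdapFilterEscapeExample {

    // Hypothetical helper (not a Bouncy Castle API): escapes a value for use as an
    // assertion value in an LDAP search filter, per RFC 4515 section 3.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // backslash first in the table, each char handled once
                case '*':  out.append("\\2a"); break; // would otherwise act as a wildcard
                case '(':  out.append("\\28"); break; // would otherwise open a sub-filter
                case ')':  out.append("\\29"); break; // would otherwise close the filter early
                case '\0': out.append("\\00"); break; // NUL must be escaped as well
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // The pattern the summary describes: the value is concatenated into the filter unchanged.
    static String unescapedFilter(String attr, String value) {
        return "(" + attr + "=" + value + ")";
    }

    // The same filter with the value escaped before it is inserted.
    static String escapedFilter(String attr, String value) {
        return "(" + attr + "=" + escapeFilterValue(value) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample: a common name that happens to contain filter metacharacters.
        String cn = "Example (Test) CA*";
        System.out.println(unescapedFilter("cn", cn));
        System.out.println(escapedFilter("cn", cn));
    }
}
```

In the first filter the parentheses and `*` from the name are parsed as filter syntax; in the second they are literal characters of the value.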
