Review Request 74612: RANGER-4421: Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080

sanket shelar Tue, 19 Sep 2023 22:42:58 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74612/
-----------------------------------------------------------


Review request for ranger, dinesh  akhand, Kishor Gollapalliwar, Abhay 
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Bugs: RANGER-4421
    https://issues.apache.org/jira/browse/RANGER-4421


Repository: ranger


Description
-------

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM 
authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 
11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 
through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to 
the ROOT (default) web application.

CVSSv3 Score:- 6.1(Medium)

https://nvd.nist.gov/vuln/detail/CVE-2023-41080


Diffs
-----

  pom.xml 9b6f5e62b 


Diff: https://reviews.apache.org/r/74612/diff/1/


Testing
-------

tested all services are working.


Thanks,

sanket shelar

Review Request 74612: RANGER-4421: Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080

Reply via email to