On 30/08/2024 15:15, Kenan, John wrote:
Apache Tomcat Security Team:
Please advise when an update to Apache Tomcat will be released that addresses
the following Curl and libcurl security vulnerabilities:
What makes you think Tomcat has a dependency on Curl and/or libcurl?
Mark
Critical:
CVE-2023-38545
High:
CVE-2024-7264
Medium:
CVE-2023-46218
CVE-2023-46219
CVE-2024-0853
Low:
CVE-2023-38546
Thank you,
John P. Kenan
DevSecOps Engineer
US Environmental Protection Agency
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
