On 17/07/2024 at 17:12, Pawan Verma -X (pawverma - INFOSYS LIMITED at Cisco) via wildfly-dev wrote:
>
> We are seeing some critical and high vulnerabilities in some of the packages which are bundled along with wildfly 32.0.1.Final
>
> 1. dom4j:1.6 --> CVE-2020-10683 (critical)
>
This is not provided by a WildFly server. We do use dom4j in our testsuite, but not as part of the server.
> 2. aws-java-sdk-s3:1.11.750 --> CVE-2022-45688 (high)
>
We use version 2.20.126 in 32.0.1. Also CVE-2022-45688 doesn't seem related to this library.
> 3. json , version 20201115 --> CVE-2022-45688 (high)
>
CVE-2022-45688 doesn't seem related to this library, although I'm not sure what library this line refers to.
> 4. undertow-core, version 2.3.12.Final --> CVE-2024-6162 (high)
>
This is fixed in Undertow 2.3.15, which will be in the imminent 33.0.0.Final. 32.0.1 uses 2.3.13.
> 5. xnio-api, version 3.8.13.Final --> git l (high)
>
> 6. activemq-artemis-native, version 2.0.0 --> CVE-2022-41678 (high)
>
This is wrong, it is not the native part that is for this CVE but the Jolokia support, which we don't provide.
> 7. spring-web, version 6.1.5 --> CVE-2024-22262 (high)
>
Not provided by us
> 8. wildfly-elytron-realm-token, version 2.2.3.Final --> CVE-2024-1233 (high)
>
> 9. soap, version 2.3.1 --> CVE-2022-45378
>
We don't use Apache SOAP.
> Any guidance on how we can rectify these vulnerabilities while using wildfly 32.0.1.Final
>
> Thanks,
>
> Pawan
>
>
> _______________________________________________
> wildfly-dev mailing list -- wildfly-dev@lists.jboss.org
> To unsubscribe send an email to wildfly-dev-leave@lists.jboss.org
> Privacy Statement: https://www.redhat.com/en/about/privacy-policy
> List Archives: https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message/PWDCK5752TX5BMRA6MZE76V4QUR74XG7/
_______________________________________________
List Archives: https://lists.jboss.org/archives/list/wildfly-dev@lists.jboss.org/message/IZZQ7MOHWWCUDS5RVBPUWUFTYOKEMKUB/