On 17/07/2024 at 17:12, Pawan Verma -X (pawverma - INFOSYS LIMITED at Cisco) via
wildfly-dev wrote:
> We are seeing some critical and high vulnerabilities in some of the packages which are
> bundled along with wildfly 32.0.1.Final
> 1. dom4j:1.6 --> CVE-2020-10683 (critical)
> 2. aws-java-sdk-s3:1.11.750 --> CVE-2022-45688 (high)
> 3. json, version 20201115 --> CVE-2022-45688 (high)
> 4. undertow-core, version 2.3.12.Final --> CVE-2024-6162 (high)
> 5. xnio-api, version 3.8.13.Final --> CVE-2023-5685 (high)
> 6. activemq-artemis-native, version 2.0.0 --> CVE-2022-41678 (high)

This is wrong: it is not the native part that is for this CVE but the Jolokia
support, which we don't provide.

> 7. spring-web, version 6.1.5 --> CVE-2024-22262 (high)

Not provided by us.

> 8. wildfly-elytron-realm-token, version 2.2.3.Final --> CVE-2024-1233 (high)
> 9. soap, version 2.3.1 --> CVE-2022-45378
> Any guidance on how we can rectify these vulnerabilities while using wildfly
> 32.0.1.Final?
> Thanks,
> Pawan