Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Patch: Vulnerability introduced by org.springframework.boot:spring-boot-starter-web@3.1.3 #243

Closed
petruki opened this issue Sep 9, 2023 · 0 comments
Closed

Security Patch: Vulnerability introduced by org.springframework.boot:spring-boot-starter-web@3.1.3 #243

petruki opened this issue Sep 9, 2023 · 0 comments
Assignees
@petruki
Labels
patch Update internal dependencies security Vulnerability found
Milestone
v1.0.8

Comments

@petruki
Copy link
Member

petruki commented Sep 9, 2023

Describe the patch
Access Restriction Bypass

Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
Introduced through: org.springframework.boot:spring-boot-starter-web@3.1.3

Current dependency

  • Name: org.apache.tomcat.embed:tomcat-embed-core@10.1.12

Optional - Remediation

  • Name: org.apache.tomcat.embed:tomcat-embed-core@10.1.13

Additional context
https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5862028
https://www.cve.org/CVERecord?id=CVE-2023-41080
@petruki petruki added patch Update internal dependencies security Vulnerability found labels Sep 9, 2023
@petruki petruki added this to the v1.0.8 milestone Sep 9, 2023
@petruki petruki self-assigned this Sep 9, 2023
petruki added a commit that referenced this issue Sep 9, 2023
@petruki
Closes #243 - Patched tomcat-embed deps to 10.1.13
127a79e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@petruki petruki

Labels
patch Update internal dependencies security Vulnerability found
Projects
None yet
Milestone
v1.0.8
Development

No branches or pull requests
1 participant
@petruki