Apache TomEE 9.1.2

Common Vulnerabilities & Exposures (CVE)

Release Date: 2023-12-12

Supported lifecycle: Full Support

Namespace: javax

CVEs: 2

CVE Affecting Apache TomEE 9.1.2

CVE

Severity

Description

Category

0.0

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

6.5

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

data operational

Scanned for Vulnerabilities lately?

Contact us & see how we can help.

First name ^*
Last name ^*
Email ^*
Company ^*
How did you hear about Tomitribe? ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.