Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp, CVE-2020-36184/CVE-2020-36185) #2998

Closed
cowtowncoder opened this issue Dec 23, 2020 · 1 comment
Closed

Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp, CVE-2020-36184/CVE-2020-36185) #2998

cowtowncoder opened this issue Dec 23, 2020 · 1 comment
Labels
CVE Issues related to public CVEs (security vuln reports)
Milestone
2.9.10.8

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Dec 23, 2020
edited
Loading

Another gadget type(s) reported regarding class(es) of org.apache.tomcat/tomcat-dbcp library.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): Al1ex@knownsec
Mitre id(s):

Note: derivative of #2986 (embedded Apache DBCP 2.x)

Fix will be included in:
@cowtowncoder cowtowncoder added to-evaluate Issue that has been received but not yet evaluated CVE Issues related to public CVEs (security vuln reports) and removed to-evaluate Issue that has been received but not yet evaluated labels Dec 23, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (placeholder) Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp) Dec 26, 2020
@cowtowncoder cowtowncoder added this to the 2.9.10.8 milestone Dec 26, 2020
cowtowncoder added a commit that referenced this issue Dec 26, 2020
@cowtowncoder
Fixed #2998
567194c
@abergmann
Copy link

The following CVEs have been assigned to this issue:

@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp) Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp, CVE-2020-36184/CVE-2020-36185) Jan 7, 2021
This was referenced Jan 9, 2021
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced May 10, 2022
Open
Open
Open
This was referenced May 31, 2022
Closed
Closed
This was referenced May 31, 2022
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced Aug 1, 2022
Open
Open
This was referenced Sep 20, 2022
Open
Open
This was referenced Dec 25, 2022
Open
Open
This was referenced Dec 20, 2022
Open
Open
@cxronen cxronen mentioned this issue Feb 17, 2023
Open
@cxronen cxronen mentioned this issue Nov 22, 2022
Open
This was referenced Mar 14, 2023
Open
Open
Open
This was referenced Feb 15, 2023
Open
Open
Open
Open
@cxronen cxronen mentioned this issue May 25, 2023
Open
@cxronen cxronen mentioned this issue May 25, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CVE Issues related to public CVEs (security vuln reports)
Projects
None yet
Milestone
2.9.10.8
Development

No branches or pull requests
2 participants
@cowtowncoder @abergmann