[
https://issues.apache.org/jira/browse/TOMEE-4001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17601496#comment-17601496
]
Cesar Hernandez commented on TOMEE-4001:
----------------------------------------
Thank you [~9177012889] for the reporting and [~rzo1] the patch.
As a side note, notice that this CVE affects the tomcat examples application.
TomEE doesn't provide the examples application.
!image-2022-09-07-13-50-40-452.png!
{code:java}
tree webapps -D -L 1
[Sep 7 13:34] webapps
├── [Jun 28 10:05] ROOT
├── [Jun 28 10:05] docs
├── [Jun 28 10:05] host-manager
└── [Jun 28 10:05] manager{code}
> CVE-2022-34305 displaying user provided data without filtering, exposing a
> XSS vulnerability
> --------------------------------------------------------------------------------------------
>
> Key: TOMEE-4001
> URL: https://issues.apache.org/jira/browse/TOMEE-4001
> Project: TomEE
> Issue Type: Dependency upgrade
> Components: TomEE Core Server
> Affects Versions: 9.0.0-M8, 8.0.12
> Reporter: Yugandher reddy vonteddu
> Assignee: Richard Zowalla
> Priority: Major
> Labels: CVE
> Fix For: 9.0.0-M9, 8.0.13
>
> Attachments: image-2022-09-07-13-50-40-452.png
>
>
> In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to
> 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples
> web application displayed user provided data without filtering, exposing a
> XSS vulnerability.
> [https://nvd.nist.gov/vuln/detail/CVE-2022-34305]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
