https://bz.apache.org/bugzilla/show_bug.cgi?id=69167

Bug ID: 69167
Summary: Is tomcat10.1 impacted with these vulnerabilities (CVE-2024-5535, CVE-2024-4603, CVE-2024-2511)
Product: Tomcat Native
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: zjhua2...@163.com
Target Milestone: ---

Hi colleague,

In BDBA (Black Duck Binary Analysis) scans, it detected a critical vulnerability: CVE-2024-5535 (https://nvd.nist.gov/vuln/detail/CVE-2024-5535) in openssl 3.0.13 in Tomcat 10.1.20.

The detected object is: apache-tomcat-10.1.20/bin/tcnative-2.dll

There are other vulnerabilities inside OpenSSL, such as CVE-2024-4603, CVE-2024-2511.

Please kindly help check whether it is a true positive or not in Tomcat, and when and which release it will be mitigated?

Best regards,
Peyton Zhong