Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Auto Closed
-
7.0.7
-
None
-
None
Description
TomEE plus version is using xmlsec-2.0.6.jar (Apache Santuario) version which is affected by vulnerability CVE-2019-12400 with CVSS score of 5.5 which is leading to potential security flaws.
Please confirm if this vulnerability impacts version 7.0.7 ?
Please upgrade to 2.1.4 version which has an official fix to address this issue.