Details
- Dependency upgrade
- Status: Closed
- Minor
- Resolution: Not A Problem
- 8.0.14
- None
- None
Description
Hi Team,
We are seeing the below CVEs reported against TomEE (Plume flavor). Could you please check and confirm whether these require a fix or are just false positives?
- CVE-2022-4742 (CVSS: 9.8)
  - Reported against:
    - /tomee/lib/johnzon-jsonp-strict-1.2.19.jar
    - cpe:2.3:a:json-pointer_project:json-pointer:1.2.19:::::::*
- CVE-2020-8022 (CVSS: 7.8)
  - Reported against:
    - /tomee/lib/el-api.jar
    - /tomee/lib/servlet-api.jar
    - cpe:2.3:a:apache:tomcat:3.0:::::::; cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.71:::::::
Thanks