Vulnerabilities in Tomcat version(9.0.65) in Docker base image

Issue date: 18-07-2023
Affects versions: 15.2, 15.1, 14.7, 13.4

Security Issue ID

SECURITY-422

Affected Product Version(s)

15.2.1, 15.1.4, 14.7.13, 13.4.22 and previous releases.

Severity

High

Description

CVE-2022-45143 suppress

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

Container image tomcat:9-jdk11-openjdk-slim is using the vulnerable Tomcat version 9.0.65

Instructions

Customers are recommended to upgrade to the latest version. As of the time of writing, 15.2.3,14.7.14,13.4.23.

Get Started

Build a Website

Relevance Trail

Feed an AngularJS App

Deploy in BloomReach Cloud

Use Blue-Green Deployment in BloomReach Cloud

Understand

Implement

Extend

Integrate

Run

Upgrade

Develop

Use

Bloomreach Documentation version

Vulnerabilities in Tomcat version(9.0.65) in Docker base image