-
Task
-
Resolution: Done
-
Neutral
-
1.1.10, 1.2.9
-
None
-
Yes
[ERROR] One or more dependencies were identified with vulnerabilities: ... [ERROR] tomcat-9.0.64.tar.gz: tomcat-9.0.64.tar: catalina.jar: CVE-2022-34305(6.1) ...
[...] the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-34305
Magnolia bundles aren't affected, as the Tomcat samples are removed. Still, we're going to do the update ASAP as part of regular third-party dependency maintenance, thus avoiding a large version delta.
Acceptance criteria