Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Block 2 more gadget types (tomcat/naming-factory-dbcp, CVE-2020-36186/CVE-2020-36187) #2997

Closed
cowtowncoder opened this issue Dec 23, 2020 · 1 comment
Labels
CVE Issues related to public CVEs (security vuln reports)
Milestone

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Dec 23, 2020

Another gadget type(s) reported regarding class(es) of tomcat:naming-factory-dbcp library.

See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): Al1ex@knownsec
Mitre id(s):

Note: derivative of #2487 (embedded Apache DBCP 1.x)

Fix will be included in:

@cowtowncoder cowtowncoder added the to-evaluate Issue that has been received but not yet evaluated label Dec 23, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (placeholder) #2996 Block 2 more gadget types (placeholder) Dec 23, 2020
@cowtowncoder cowtowncoder added CVE Issues related to public CVEs (security vuln reports) and removed to-evaluate Issue that has been received but not yet evaluated labels Dec 23, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (placeholder) Block 2 more gadget types (tomcat/naming-factory-dbcp) Dec 26, 2020
@cowtowncoder cowtowncoder added this to the 2.9.10.8 milestone Dec 26, 2020
@abergmann
Copy link

The following CVEs have been assigned to this issue:

@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (tomcat/naming-factory-dbcp) Block 2 more gadget types (tomcat/naming-factory-dbcp, CVE-2020-36186/CVE-2020-36187) Jan 7, 2021
This was referenced Jan 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CVE Issues related to public CVEs (security vuln reports)
Projects
None yet
Development

No branches or pull requests

2 participants