Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block 2 more gadget types (tomcat/naming-factory-dbcp, CVE-2020-36186/CVE-2020-36187) #2997

Closed
cowtowncoder opened this issue Dec 23, 2020 · 1 comment
Closed

Block 2 more gadget types (tomcat/naming-factory-dbcp, CVE-2020-36186/CVE-2020-36187) #2997

cowtowncoder opened this issue Dec 23, 2020 · 1 comment
Labels
CVE Issues related to public CVEs (security vuln reports)
Milestone
2.9.10.8

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Dec 23, 2020
edited
Loading

Another gadget type(s) reported regarding class(es) of tomcat:naming-factory-dbcp library.

See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): Al1ex@knownsec
Mitre id(s):

Note: derivative of #2487 (embedded Apache DBCP 1.x)

Fix will be included in:
@cowtowncoder cowtowncoder added the to-evaluate Issue that has been received but not yet evaluated label Dec 23, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (placeholder) #2996 Block 2 more gadget types (placeholder) Dec 23, 2020
@cowtowncoder cowtowncoder added CVE Issues related to public CVEs (security vuln reports) and removed to-evaluate Issue that has been received but not yet evaluated labels Dec 23, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (placeholder) Block 2 more gadget types (tomcat/naming-factory-dbcp) Dec 26, 2020
@cowtowncoder cowtowncoder added this to the 2.9.10.8 milestone Dec 26, 2020
@abergmann
Copy link

The following CVEs have been assigned to this issue:

@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (tomcat/naming-factory-dbcp) Block 2 more gadget types (tomcat/naming-factory-dbcp, CVE-2020-36186/CVE-2020-36187) Jan 7, 2021
This was referenced Jan 9, 2021
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Mar 31, 2022
Open
Closed
Open
This was referenced May 10, 2022
Open
Open
Open
Open
This was referenced May 31, 2022
Closed
Closed
This was referenced May 31, 2022
Closed
Closed
Closed
Closed
Closed
Closed
@scott-cx scott-cx mentioned this issue Aug 1, 2022
Open
@cxronen cxronen mentioned this issue Sep 20, 2022
Open
This was referenced Dec 25, 2022
Open
Open
This was referenced Dec 20, 2022
Open
Open
This was referenced Feb 17, 2023
Open
Open
This was referenced Mar 2, 2023
Open
Open
This was referenced Apr 13, 2023
Open
Open
This was referenced May 25, 2023
Open
Open
@cxronen cxronen mentioned this issue May 25, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CVE Issues related to public CVEs (security vuln reports)
Projects
None yet
Milestone
2.9.10.8
Development

No branches or pull requests
2 participants
@cowtowncoder @abergmann