FreeBSD Bugzilla – Attachment 218615 Details for
Bug 250207
www/payara: Port update to 5.2020.4 and vulnerabilities update
[patch]
security/vuxml/vuln.xml patch to include vulnerabilities of the older Payara versions
payara.vulnerabilities.diff (text/plain), 4.42 KB, created by Dmytro Bilokha on 2020-10-08 19:07:06 UTC
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 551730) >+++ security/vuxml/vuln.xml (working copy) 
>@@ -58,6 +58,102 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ >+ <vuln vid="b07bdd3c-0809-11eb-a3a4-0019dbb15b3f"> >+ <topic>Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra</topic> >+ <affects> >+ <package> >+ <name>payara</name> >+ <range><lt>5.201</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Payara Releases reports:</p> >+ <blockquote cite="https://docs.payara.fish/community/docs/5.2020.4/security/security-fix-list.html"> >+ <p>The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases:</p> >+ <ul> >+ <li>CVE-2020-6950 Eclipse Mojarra vulnerable to path trasversal flaw via either loc/con parameters</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2020-6950</cvename> >+ <url>https://docs.payara.fish/community/docs/5.2020.4/security/security-fix-list.html</url> >+ </references> >+ <dates> >+ <discovery>2020-01-13</discovery> >+ <entry>2020-10-06</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="bd159669-0808-11eb-a3a4-0019dbb15b3f"> >+ <topic>Payara -- A Polymorphic Typing issue in FasterXML jackson-databind</topic> >+ <affects> >+ <package> >+ <name>payara</name> >+ <range><lt>5.193</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Payara Releases reports:</p> >+ <blockquote cite="https://docs.payara.fish/community/docs/5.193/security/security-fix-list.html"> >+ <p>The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases:</p> >+ <ul> >+ <li>CVE-2019-12086 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9</li> >+ </ul> >+ 
</blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2019-12086</cvename> >+ <url>https://docs.payara.fish/community/docs/5.193/security/security-fix-list.html</url> >+ </references> >+ <dates> >+ <discovery>2019-05-17</discovery> >+ <entry>2020-10-06</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="71c71ce0-0805-11eb-a3a4-0019dbb15b3f"> >+ <topic>payara -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>payara</name> >+ <range><lt>5.191</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Payara Releases reports:</p> >+ <blockquote cite="https://docs.payara.fish/community/docs/5.191/security/security-fix-list.html"> >+ <p>The following is a list of tracked Common Vulnerabilities and Exposures that have been reported and analyzed, which can or have impacted Payara Server across releases:</p> >+ <ul> >+ <li>CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks</li> >+ <li>CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct external XML entity (XXE) attacks</li> >+ <li>CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code</li> >+ <li>CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code</li> >+ <li>CVE-2018-14371 Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2018-14721</cvename> >+ <cvename>CVE-2018-14720</cvename> >+ <cvename>CVE-2018-14719</cvename> >+ <cvename>CVE-2018-14718</cvename> >+ <cvename>CVE-2018-14371</cvename> >+ <url>https://docs.payara.fish/community/docs/5.191/security/security-fix-list.html</url> >+ </references> >+ <dates> >+ <discovery>2019-02-01</discovery> >+ 
<entry>2020-10-06</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="769a4f60-9056-4c27-89a1-1758a59a21f8"> > <topic>zeek -- Vulnerability due to memory leak</topic> > <affects>
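Review bot: In the first new entry (vid b07bdd3c-0809-11eb-a3a4-0019dbb15b3f), "trasversal" is misspelled in both the <topic> and the CVE-2020-6950 <li>; it should read "path traversal", at least in the <topic>, which is the patch's own wording rather than quoted text. The first two topics also begin with "Payara --" while the third uses "payara --"; the lowercase form matches <name>payara</name> and the neighbouring "zeek --" entry, so the three should be made consistent. All three <entry> dates are 2020-10-06, which is earlier than this attachment's creation date (2020-10-08), so they will need to be set to the date the entries are actually committed.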
Flags: dmytro: maintainer-approval+
Attachments on bug 250207: 218614 | 218615