...
Date | CVE | Description | Versions | Risk for Deltares Open Archive | JIRA | Upgrade strategy |
---|---|---|---|---|---|---|
October 2021 | CVE-2020-13936 | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. | up to 202301 | False positive. Users in THREDDS are not allowed to upload Velocity templates. | FEWS-29325 | |
November 2018 | CVE-2018-1258 | Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. | up to 202301 | False positive. Spring Security is not used. | FEWS-29331, FEWS-29332, FEWS-29334 and FEWS-29335 | |

Apache Tomcat CVE score Critical and High
...