Unresolved
Details
Assignee
UnassignedUnassignedReporter
DenisDenisPriority
TBDRCA Group
TBDTestRail: Cases
Open TestRail: CasesTestRail: Runs
Open TestRail: Runs
Details
Details
Assignee
Unassigned
UnassignedReporter
Denis
Denis
Priority
TBDRCA Group
TBD
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created January 22, 2024 at 2:34 PM
Updated May 23, 2024 at 3:44 PM
Severity: High
Modules impacted:
mod-password-validator Volaris
mod-tags Volaris
mod-calendar Bama
mod-notes Spitfire
mod-entities-links Spitfire
mod-search Spitfire
mod-remote-storage Volaris
edge-caiasoft Volaris -
mod-data-export-spring Firebird
mod-ebsconet Thunderjet
mod-data-export-worker Firebird
mod-bulk-operations Firebird
mod-fqm-manager Corsair
edge-fqm Corsair -
mod-lists Corsair
edge-courses TBD - fixed by https://github.com/folio-org/edge-courses/pull/7 because Spring Boot 3.1.6 uses Spring Framework 6.0.14
Link: https://spring.io/security/cve-2023-34053 - https://nvd.nist.gov/vuln/detail/CVE-2023-34053
Vulnerability: Spring Framework server Web Observations DoS Vulnerability
Package Name: spring-webmvc
Current spring-webmvc version is 6.0.12 // Fixed in 6.0.14