Vulnerabilities > Apache > Tomee > 8.0.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-19 | CVE-2021-40690 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. | 7.5 |
2021-07-12 | CVE-2021-33037 | HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. | 5.3 |
2021-06-16 | CVE-2021-30468 | Infinite Loop vulnerability in multiple products A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. | 7.5 |