Search for packages
| purl | pkg:maven/org.apache.tomee/tomee@7.0.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2w4b-at7v-jfew
Aliases: CVE-2021-40690 GHSA-j8wc-gxx9-82hx |
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. |
Affected by 0 other vulnerabilities. |
|
VCID-rn5j-hjuu-vkhf
Aliases: CVE-2020-13931 GHSA-mp28-rq7g-qx62 |
Remote code execution in Apache TomEE If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T10:03:19.608845+00:00 | GitLab Importer | Affected by | VCID-2w4b-at7v-jfew | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomee/tomee/CVE-2021-40690.yml | 37.0.0 |
| 2025-08-01T09:46:29.358894+00:00 | GitLab Importer | Affected by | VCID-rn5j-hjuu-vkhf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomee/tomee/CVE-2020-13931.yml | 37.0.0 |