CVEs Impacting Distribution

JFrog Release Information

The following is a list of CVEs that impact JFrog Distribution.

| CVE | Severity | Distribution Fix Version | Fix Description |
| --- | --- | --- | --- |
| CVE-2024-22259 | High | 2.24.0 | Upgraded Spring Framework to a fixed version. |
| CVE-2024-1597 | Critical | 2.23.0 | Upgraded pgjdbc to a fixed version. |
| CVE-2024-22233 | High | 2.23.0 | Upgraded Spring Framework to a fixed version. |
| CVE-2024-22243 | High | 2.23.0 | Upgraded UriComponentsBuilder to a fixed version. |
| CVE-2024-26308, CVE-2024-25710 | Medium | 2.23.0 | Upgraded Apache Commons Compress to a fixed version. |
| CVE-2023-50570 | Medium | 2.23.0 | Upgraded IPAddress to a fixed version. |
| CVE-2023-47633 | High | 2.22.1 | Upgraded Traefik to a fixed version. |
| CVE-2023-46589 | High | 2.22.1 | Upgraded Apache Tomcat to a fixed version. |
| CVE-2023-6378 | High | 2.22.1 | Upgraded logback to a fixed version. |
| CVE-2023-4586 | High | 2.21.3 | Upgraded the Hot Rod client to a fixed version. |
| CVE-2023-35116 | Medium | 2.21.3 | Upgraded jackson-databind to a fixed version. |
| CVE-2023-41080 | Medium | 2.21.3 | Upgraded Apache Tomcat to a fixed version. |
| CVE-2023-34035 | Medium | 2.21.3 | Upgraded Spring Framework to a fixed version. |
| CVE-2022-48345 | Medium | 2.19.1 | Upgraded sanitize-url to a fixed version. |