CVEs Impacting Distribution

The following is a list of CVEs that impact JFrog Distribution.

| CVE | Severity | Distribution Fix Version | Fix Description |
| --- | --- | --- | --- |
| CVE-2024-30172 | Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in Java Cryptography APIs. |
| CVE-2024-30171 | Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in Java TLS API and JSSE Provider. |
| CVE-2024-29857 | Medium | 2.26.1 | Upgraded Bouncy Castle to a fixed version because of an issue discovered in ECCurve.java and ECCurve.cs. |
| CVE-2024-22259 | High | 2.24.0 | Upgraded Spring Framework to a fixed version. |
| CVE-2024-1597 | Critical | 2.23.0 | Upgraded pgjdbc to a fixed version. |
| CVE-2024-22233 | High | 2.23.0 | Upgraded Spring Framework to a fixed version. |
| CVE-2024-22243 | High | 2.23.0 | Upgraded UriComponentsBuilder to a fixed version. |
| CVE-2024-26308, CVE-2024-25710 | Medium | 2.23.0 | Upgraded Apache Commons Compress to a fixed version. |
| CVE-2023-50570 | Medium | 2.23.0 | Upgraded IPAddress to a fixed version. |
| CVE-2023-47633 | High | 2.22.1 | Upgraded Traefik to a fixed version. |
| CVE-2023-46589 | High | 2.22.1 | Upgraded Apache Tomcat to a fixed version. |
| CVE-2023-6378 | High | 2.22.1 | Upgraded logback to a fixed version. |
| CVE-2023-4586 | High | 2.21.3 | Upgraded the Hot Rod client to a fixed version. |
| CVE-2023-35116 | Medium | 2.21.3 | Upgraded jackson-databind to a fixed version. |
| CVE-2023-41080 | Medium | 2.21.3 | Upgraded Apache Tomcat to a fixed version. |
| CVE-2023-34035 | Medium | 2.21.3 | Upgraded Spring Framework to a fixed version. |
| CVE-2022-48345 | Medium | 2.19.1 | Upgraded sanitize-url to a fixed version. |