Apache Tomcat 9.0.0.M1 < 9.0.98 multiple vulnerabilities

viannama · December 24, 2024, 4:20am

I would like to know whether the version “SonarQube Community Build - 9.9.5” is affected by the following CVEs. Please advise.

CVE-2024-50379
CVE-2024-54677
CVE-2024-56337

Tomcat:
Installed version : 9.0.85
Fixed version : 9.0.98

Colin · December 24, 2024, 8:14am

Hi,

I’ve unlisted your topic since you’re reporting a vulnerability. Our responsible disclosure policy asks that you email security@sonarsource.com rather than making public posts. Could you please re-send this to security@sonarsource.com?

Topic		Replies	Views
Sonarqube 9.7 has tomcat 9.0.62 embedded, but CVE-2022-29885 affects tomcat 9.0.62 SonarQube Server / Community Build cve	2	875	November 7, 2022
How do we update default Tomcat SonarQube Server / Community Build	5	725	April 19, 2024
Dependencies Vulnerabilities Sonarqube Community 9.9 SonarQube Server / Community Build sonarqube	1	309	February 16, 2024
What is the latest tomcat version in Sonar community edition? SonarQube Server / Community Build sonarqube	2	60	March 13, 2025
Is there "official" sonarqube documentation that states version 9.9 is NOT impacted by CVE-2022-4288 SonarQube Server / Community Build	5	909	May 24, 2023