10000 tomcat9.0漏洞-cve-2025-24813 · Issue #13186 · alibaba/nacos · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

tomcat9.0漏洞-cve-2025-24813 #13186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
blfish008 opened this issue Mar 16, 2025 · 1 comment
Closed
8000

tomcat9.0漏洞-cve-2025-24813 #13186

blfish008 opened this issue Mar 16, 2025 · 1 comment
Labels
dependencies Pull requests that update a dependency file kind/question Category issues related to questions or problems

Comments

@blfish008
Copy link

如题,受影响吗?
@KomachiSion
Copy link
Collaborator
KomachiSion commented Mar 18, 2025
edited
Loading

理论上不受影响, nacos没有修改默认 DefaultServlet 的写入权限(默认情况下禁用)。

PR #13189 升级了tomcat-core的版本, 应该是彻底修复了这个漏洞。

下次release(2.5.2)时升级即可。

@KomachiSion KomachiSion added kind/question Category issues related to questions or problems dependencies Pull requests that update a dependency file labels Mar 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file kind/question Category issues related to questions or problems
Projects
None yet
Milestone
No milestone
3409
Development

No branches or pull requests
2 participants
@KomachiSion @blfish008
0