...

March 2024

Reflected Cross-Site Scripting Vulnerability (XSS) in Userview

Description

In a userview, it is possible to send unvalidated data to a web browser when dynamically switching user locales, which can result in the browser executing malicious code.

Severity

High

Affected Versions

Joget DX 8.0.11 and below

Resolution

Upgrade to Joget DX 8.0.12 and above

...

April 2022

Critical Vulnerability in Spring Framework CVE-2022-22965

Description

A critical vulnerability has been found in the Spring Framework. According to the vulnerability report CVE-2022-22965:

...

• Joget DX (7.0.27 and below) running on JDK 9+ and Apache Tomcat (8.5.77 and below, or 9.0.61 and below).
• Joget Workflow v6 (6.0.34 and below) running on JDK 9+ and Apache Tomcat (8.5.77 and below, or 9.0.61 and below)

Resolution

A fix is available in the latest Joget versions:

...

Critical Vulnerability in Apache Log4j CVE-2021-44228

Description

Critical vulnerability in Apache Log4j. According to the report CVE-2021-44228:

...

However, this vulnerability only affects Apache Log4j versions from 2.0-beta9 to 2.14.1, so they are NOT affected by this vulnerability.

Resolution

To upgrade to the latest log4j 2 version, upgrade to the following Joget versions:

...