vulnerable Tomcat 10.1.31 embedded in Artifactory 7.98.13

Tenable Nessus reports a vulnerable Tomcat 10.1.31 on the path /opt/jfrog/artifactory/app/access/

This looks like an embedded Tomcat instance.

The JFrog Artifactory package installed is jfrog-artifactory-oss 7.98.13.

Official release notes show an incremental patch version: 7.98.14, but no hint about a Tomcat upgrade.

The vulnerability in question is CVE-2024-50379. It is fixed in Tomcat 10.1.34.

I did not find any information (official source or not) on whether JFrog Artifactory is affected by this vulnerability. Neither did I find anything on a recommended solution, patch or mitigation.

(I presume that touching the embedded Tomcat is not a good idea.)

What is JFrog official position on this specific CVE?

Solution

See relevant documentation here. It is mentioned that Artifactory is not impacted by this vulnerability.

Math.Sin() gives incorrect value
How to run my python script when the sunOS is start booting
Express-session: not resetting cookie expiration on each request
Getting a stack overflow exception when normalizing a vector
Edit default summary function in R gives error for multiple variables
What was a For loop? Why isn't it needed in R?
How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
Why are there two assignment operators, `<-` and `->` in R?
lm()$assign: what is it?
How to get the value of list(...) in R and S functions
Design matrix for MLM from library(lme4) with fixed and random effects
how to generate elements not included in my sample
Create a matrix with gradually changing values without a for loop
Emacs ESS and S-plus ( S+ ) 8.1 compatability
How to lag date-index in a time-series in R?
Nonlinear regression in R / S
Calling R from S-Plus?