Product Version Release Advisory VMware Tanzu GemFire 10.0.6

VMware Tanzu Gemfire

0 more products

25506

13 March 2025

13 March 2025

CLOSED

CRITICAL

10.0

CVE-2024-38816, CVE-2024-38820, CVE-2024-47875, CVE-2024-45801, CVE-2025-26791, CVE-2024-47535, CVE-2024-8184, CVE-2024-6763

Product Release Advisory

Advisory ID:

TNZ-2025-12

Severity:

Critical

Issue Date:

2025-03-12

Updated on:

2025-03-12

Synopsis

Bumped multiple dependencies which resulted in at least 8 CVEs remediated in this release

Product Version Release Advisory

Security Fixes

This release has the following security fixes, listed by component and area.

Component

Vulnerabilities Resolved

Spring

CVE-2024-38816 (high)
CVE-2024-38820 (low)

DOMPurify

CVE-2024-47875 (critical) 

CVE-2024-45801 (high)
CVE-2025-26791 (medium)

Netty

CVE-2024-47535 (medium) 

Jetty

CVE-2024-8184 (medium)
CVE-2024-6763 (medium)

History

2025-03-12: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://support.broadcom.com/group/ecx/security-advisory?segment=VT