Product Version Release Advisory VMware Tanzu GemFire 10.0.6
25506
13 March 2025
13 March 2025
CLOSED
CRITICAL
10.0
CVE-2024-38816, CVE-2024-38820, CVE-2024-47875, CVE-2024-45801, CVE-2025-26791, CVE-2024-47535, CVE-2024-8184, CVE-2024-6763
Product Release Advisory
Advisory ID: |
TNZ-2025-12 |
Severity: |
Critical |
Issue Date: |
2025-03-12 |
Updated on: |
2025-03-12 |
Synopsis |
Bumped multiple dependencies which resulted in at least 8 CVEs remediated in this release |
Product Version Release Advisory
- VMware Tanzu GemFire 10.0.6
- https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/10-0/gf/release_notes.html
Security Fixes
This release has the following security fixes, listed by component and area.
Component |
Vulnerabilities Resolved |
Spring |
CVE-2024-38816 (high) |
DOMPurify |
CVE-2024-47875 (critical) CVE-2024-45801 (high) |
Netty |
CVE-2024-47535 (medium) |
Jetty |
CVE-2024-8184 (medium) |
History
2025-03-12: Initial vulnerability report published.
Contact
E-mail: [email protected]
VMware Tanzu Security Advisories
https://support.broadcom.com/group/ecx/security-advisory?segment=VT