Product Release Advisory -VMware Tanzu Gemfire
25543
26 March 2025
26 March 2025
CLOSED
CRITICAL
10.0
Multiple - see advisory
Product Release Advisory
Advisory ID: |
TNZ-2025-016 |
Severity: |
Critical |
Issue Date: |
2025-03-21 |
Updated on: |
2025-03-26 |
Synopsis |
Bumped multiple dependencies, which resulted in at least 6 CVEs remediated in this release |
Product Version Release Advisory
- VMware Tanzu GemFire 10.1.3
- https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/10-1/gf/release_notes.html
Security Fixes
This release has the following security fixes, listed by component and area.
Component |
Vulnerabilities Resolved |
DOMPurify |
CVE-2024-47875 (critical) CVE-2024-45801 (high) |
Netty |
CVE-2024-47535 (medium) |
Jetty |
CVE-2024-8184 (medium) |
History
2025-03-26: Initial vulnerability report published.
Contact
E-mail: [email protected]
VMware Tanzu Security Advisories
https://support.broadcom.com/group/ecx/security-advisory?segment=VT