Update SoapUI to use Jetty 7.0.1 or later version to remediate XSS vulnerabilities

Question

Hi, is there any plan to upgrade SoapUI to use Jetty 7.0.1 or later version because versions 6.x and 7.0.0 have remote XSS vulnerabilities (https://nvd.nist.gov/vuln/detail/CVE-2009-4610) that can let remote users to run arbitrary commands?&nbsp;Thanks

sander · Answer

Hi,&nbsp;I would also like to know when an update will be available.Our security team will block the use of SoapUI if i do not update soon.

t4103gf · Answer

Can I get an official response from SmartBear? My organization will pull the plug on SoapUI this April 3rd if this issue is not addressed.

gilderdale · Answer

I know some software that allows remote control likeanydeskfive nights at freddy's

Forum Discussion

Update SoapUI to use Jetty 7.0.1 or later version to remediate XSS vulnerabilities

3 Replies

Recent Discussions

Soapui equivalent for curl -F (multipart/form-data)

REST MockService: mockRequest.requestContent is null for PATCH

Shared workspace

Related Content

log4j vulnerability in older versions

Log4J vulnerability

Does SoapUI 5.6.0 has log4j vulnerability?