CVE-2017-5648: Exposure of Resource to Wrong Sphere
(updated )
Some calls to application listeners in Apache Tomcat did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
References
Detect and mitigate CVE-2017-5648 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →