KB Article #182913
SECURITY: Impact of CVE-2023-39017 on SecureTransport
Problem
A security scan reports the CVE-2023-39017 vulnerability for SecureTransport 5.5.
Resolution
The SecureTransport team has thoroughly investigated CVE-2023-39017, a code injection vulnerability identified in the org.quartz.jobs.ee.jms.SendQueueMessageJob.execute component of quartz-jobs versions 2.3.2 and earlier. After a comprehensive review, we have determined that SecureTransport does not use the affected quartz-jobs component and is therefore unaffected by this vulnerability.
To ensure ongoing security, we will update the quartz-jobs dependency to the latest secure version as soon as it becomes available.