Tomcat vulnerabilities CVE-2022-45143 and CVE-2022-42252 were disclosed by the software vendor. FlexDeploy uses Tomcat software as part of its environment. The details listed below show that the Tomcat shipped with FlexDeploy is not affected by either vulnerability.


CVE-2022-42252 - Apache Tomcat request smuggling

This only applies if rejectIllegalHeader is set to false. FlexDeploy leaves this value at the default of true, so this vulnerability is not a risk in FlexDeploy implementations.


CVE-2022-45143 -

This only applies if the class JsonErrorReportValve is used. FlexDeploy code does not use this class anywhere in its code, and as a result FlexDeploy is not at risk from this vulnerability.
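
To confirm both preconditions on a given installation, the Tomcat configuration can be checked directly. The script below is an added example, not FlexDeploy or Apache code: it scans the text of a Tomcat XML configuration file such as server.xml for a Connector with rejectIllegalHeader set to false and for any element that references JsonErrorReportValve. The sample configuration is constructed for illustration, and the function name and the default_reject parameter are assumptions of this example.

```python
import xml.etree.ElementTree as ET

JSON_VALVE = "org.apache.catalina.valves.JsonErrorReportValve"

# Constructed sample server.xml, not FlexDeploy's shipped configuration.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" rejectIllegalHeader="false" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"
            errorReportValveClass="org.apache.catalina.valves.JsonErrorReportValve">
        <Valve className="org.apache.catalina.valves.AccessLogValve" />
      </Host>
    </Engine>
  </Service>
</Server>"""


def audit_server_xml(xml_text, default_reject=True):
    """Return (cve, detail) findings for the two preconditions named on this page.

    default_reject is the value assumed when a Connector omits
    rejectIllegalHeader; True is the default this page states.
    """
    root = ET.fromstring(xml_text)
    findings = []
    # CVE-2022-42252 precondition: a Connector that does not reject illegal headers.
    for conn in root.iter("Connector"):
        raw = conn.get("rejectIllegalHeader")
        reject = default_reject if raw is None else raw.strip().lower() == "true"
        if not reject:
            detail = "Connector port=%s has rejectIllegalHeader=false" % conn.get("port")
            findings.append(("CVE-2022-42252", detail))
    # CVE-2022-45143 precondition: JsonErrorReportValve configured as a Valve
    # or as a Host's errorReportValveClass.
    for elem in root.iter():
        for attr in ("className", "errorReportValveClass"):
            if (elem.get(attr) or "").strip() == JSON_VALVE:
                detail = "<%s> %s references JsonErrorReportValve" % (elem.tag, attr)
                findings.append(("CVE-2022-45143", detail))
    return findings


if __name__ == "__main__":
    for cve, detail in audit_server_xml(SAMPLE_SERVER_XML):
        print(cve, detail)
```

An empty result means neither precondition is present in the file that was checked.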