Is cve-2022-22965 an issue for Foreman?

Currently running Foreman 3.0.1, is cve-2022-22965 an issue?
Expected outcome:

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

Distribution and version:

Other relevant data:

1 Like

We have the same question.

It’s looking like no, but I am hoping to get more of a comprehensive answer.
I’ll write ASAP.

1 Like

Hello again!
No, this CVE is not an issue.
The only area we wanted to check was Candlepin, but I’ve confirmation that Candlepin doesn’t use Spring at all (neither Spring MVC, or Spring Beans, or Spring Webflux).


Thank you.