Status
Fixed version
3.9-r1Status
Impact
This CVE caused by async-http-client being brought in via Microsoft Azure SDK for Service Bus (version 3.6.7), which is used by ThingsBoard’s server-queue components, as a transitive dependency. This will require upstream maintainers to implement a remediation.
Status