You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2022/10/26 12:29:00 UTC

[jira] [Assigned] (CXF-8776) Version 3.5.4 contains security vulnerable woodstox version

     [ https://issues.apache.org/jira/browse/CXF-8776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh reassigned CXF-8776:
----------------------------------------

    Assignee: Colm O hEigeartaigh

> Version 3.5.4 contains security vulnerable woodstox version
> -----------------------------------------------------------
>
>                 Key: CXF-8776
>                 URL: https://issues.apache.org/jira/browse/CXF-8776
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.5.4
>            Reporter: Shalom Yaish
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.5.5
>
>
> Version 3.5.4 contains the security vulnerable woodstox-core- 6.2.8 containing this CVE:
> CVE-2022-40151 - CVE-2022-40156
> [https://www.mend.io/vulnerability-database/CVE-2022-40151]
> The fix existed at woodstox-core-6.4.0
>  
> Any chance this will be released quickly ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)