-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability reported in version 4.2.1 #22
Comments
But isn't that against Woodstox? Stax2-api has no dependency on Woodstox: Woodstox implements stax2-api, not the other way around. So I don't see how this could be accurate. |
owasp check gives this now:
and mvn repository also points here can you @cowtowncoder confirm that this information is inaccurate |
@jpoikela Yes, this is inaccurate. Someone should actually point out WHAT SPECIFICALLY is supposed to be the problem with I think whoever added applicability did not really know what they were doing. :-( (Tekisi melkein mieli ehdottaa että "taas joku saatanan tunari asialla" mutta ehkäpä on jotain lieventäviä asianhaaroja :) ) |
NVD check reports CVE-2022-40152 found in stax2-api version 4.2.1
The text was updated successfully, but these errors were encountered: