You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CVE-2022-40152 is a vulnerability affecting com.fasterxml.woodstox:woodstox-core, which is a transitive dependency of java-saml via org.apache.santuario:xmlsec. Requesting that you upgrade the dependency org.apache.santuario:xmlsec to 3.0.2+ or 2.3.3+ when they are released. It appears both will include upgraded versions of woodstox-core in which this vulnerability is fixed. Thank you!
The text was updated successfully, but these errors were encountered:
Adding interest in this update. Snyk has assigned another XML External Entity (XXE) Injection vulnerability with no CVE number, in com.fasterxml.woodstox:woodstox-core < 5.3.0, the rating of 9.4 out of 10. https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754
CVE-2022-40152 is a vulnerability affecting
com.fasterxml.woodstox:woodstox-core
, which is a transitive dependency ofjava-saml
viaorg.apache.santuario:xmlsec
. Requesting that you upgrade the dependencyorg.apache.santuario:xmlsec
to 3.0.2+ or 2.3.3+ when they are released. It appears both will include upgraded versions ofwoodstox-core
in which this vulnerability is fixed. Thank you!The text was updated successfully, but these errors were encountered: