https://issues.apache.org/jira/browse/SOLR-16568 is merged and upgrades
woodstox-core. The only woodstox-core CVE that remained is CVE-2022-40152 (
https://github.com/advisories/GHSA-3f7h-mf4q-vrm4) and fixed in
https://github.com/FasterXML/woodstox/issues/160. It is LOW severity only.
Kevin Risde
Hi Billy,
Thanks for bringing this up. The CVE you link is rejected (
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40153). However
reading through the report here:
https://github.com/x-stream/xstream/issues/304 it seems that this was part
of a series of low quality auto generated CVE re