Re: CVE-2022-40153 com.fasterxml.woodstox_woodstox-core

2022-12-07 Thread Kevin Risden
https://issues.apache.org/jira/browse/SOLR-16568 is merged and upgrades woodstox-core. The only woodstox-core CVE that remained is CVE-2022-40152 (https://github.com/advisories/GHSA-3f7h-mf4q-vrm4) and is fixed in https://github.com/FasterXML/woodstox/issues/160. It is LOW severity only. Kevin Risde

Re: CVE-2022-40153 com.fasterxml.woodstox_woodstox-core

2022-12-03 Thread Gus Heck
Hi Billy, Thanks for bringing this up. The CVE you link is rejected (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40153). However, reading through the report here: https://github.com/x-stream/xstream/issues/304 it seems that this was part of a series of low quality auto-generated CVE re