Extension for Jackson JSON processor that adds support for serializing POJOs as XML (and deserializing from XML) as an alternative to JSON
567
stars
221
forks
source link
New Vulnerabilities found at https://nvd.nist.gov for woodstox-core-6.2.7.jar #548
Closed
IlanaVek closed 2 years ago
Hi , We use jackson-dataformat-xml 1.12.7 at our projects. From 20.9 we started to get several vulnerabilities for woodstox-core-6.2.7.jar https://nvd.nist.gov/vuln/detail/CVE-2022-40151 https://nvd.nist.gov/vuln/detail/CVE-2022-40155 / CVE-2022-40154 /CVE-2022-40156/ CVE-2022-40153/ CVE-2022-40152
Can you, please, check this and if possible release new version ?
Thank you