antville / helma

Antville Fork of Helma Object Publisher
https://antville.org

Update dependency dom4j:dom4j to v20040902 [SECURITY] #96

Closed renovate[bot] closed 4 months ago

renovate[bot] commented 4 months ago

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| dom4j:dom4j (source) | 1.6.1 -> 20040902.021138 | age | adoption | passing | confidence |

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


dom4j allows External Entities by default which might enable XXE attacks

CVE-2020-10683 / GHSA-hwj3-m3p6-hj38

More information

#### Details

dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.

#### Severity

- CVSS Score: 9.8 / 10 (Critical)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`

#### References

- [https://nvd.nist.gov/vuln/detail/CVE-2020-10683](https://nvd.nist.gov/vuln/detail/CVE-2020-10683)
- [https://github.com/dom4j/dom4j/issues/87](https://togithub.com/dom4j/dom4j/issues/87)
- [https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d](https://togithub.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d)
- [https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658](https://togithub.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658)
- [https://bugzilla.redhat.com/show_bug.cgi?id=1694235](https://bugzilla.redhat.com/show_bug.cgi?id=1694235)
- [https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)
- [https://github.com/dom4j/dom4j](https://togithub.com/dom4j/dom4j)
- [https://github.com/dom4j/dom4j/commits/version-2.0.3](https://togithub.com/dom4j/dom4j/commits/version-2.0.3)
- [https://github.com/dom4j/dom4j/releases/tag/version-2.1.3](https://togithub.com/dom4j/dom4j/releases/tag/version-2.1.3)
- [https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3Cdev.velocity.apache.org%3E](https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3Cdev.velocity.apache.org%3E)
- [https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3Cdev.velocity.apache.org%3E](https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3Cdev.velocity.apache.org%3E)
- [https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E](https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E)
- [https://security.netapp.com/advisory/ntap-20200518-0002](https://security.netapp.com/advisory/ntap-20200518-0002)
- [https://usn.ubuntu.com/4575-1](https://usn.ubuntu.com/4575-1)
- [https://www.oracle.com//security-alerts/cpujul2021.html](https://www.oracle.com//security-alerts/cpujul2021.html)
- [https://www.oracle.com/security-alerts/cpuApr2021.html](https://www.oracle.com/security-alerts/cpuApr2021.html)
- [https://www.oracle.com/security-alerts/cpujan2021.html](https://www.oracle.com/security-alerts/cpujan2021.html)
- [https://www.oracle.com/security-alerts/cpujan2022.html](https://www.oracle.com/security-alerts/cpujan2022.html)
- [https://www.oracle.com/security-alerts/cpujul2020.html](https://www.oracle.com/security-alerts/cpujul2020.html)
- [https://www.oracle.com/security-alerts/cpujul2022.html](https://www.oracle.com/security-alerts/cpujul2022.html)
- [https://www.oracle.com/security-alerts/cpuoct2020.html](https://www.oracle.com/security-alerts/cpuoct2020.html)
- [https://www.oracle.com/security-alerts/cpuoct2021.html](https://www.oracle.com/security-alerts/cpuoct2021.html)
- [http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html](http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-hwj3-m3p6-hj38) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

Dom4j contains an XML Injection vulnerability

CVE-2018-1000632 / GHSA-6pcc-3rfx-4gpm

More information

#### Details

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.

#### Severity

- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N`

#### References

- [https://nvd.nist.gov/vuln/detail/CVE-2018-1000632](https://nvd.nist.gov/vuln/detail/CVE-2018-1000632)
- [https://github.com/dom4j/dom4j/issues/48](https://togithub.com/dom4j/dom4j/issues/48)
- [https://github.com/dom4j/dom4j/commit/c2a99d7dee8ce7a4e5bef134bb781a6672bd8a0f](https://togithub.com/dom4j/dom4j/commit/c2a99d7dee8ce7a4e5bef134bb781a6672bd8a0f)
- [https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387](https://togithub.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387)
- [https://access.redhat.com/errata/RHSA-2019:0362](https://access.redhat.com/errata/RHSA-2019:0362)
- [https://access.redhat.com/errata/RHSA-2019:0364](https://access.redhat.com/errata/RHSA-2019:0364)
- [https://access.redhat.com/errata/RHSA-2019:0365](https://access.redhat.com/errata/RHSA-2019:0365)
- [https://access.redhat.com/errata/RHSA-2019:0380](https://access.redhat.com/errata/RHSA-2019:0380)
- [https://access.redhat.com/errata/RHSA-2019:1159](https://access.redhat.com/errata/RHSA-2019:1159)
- [https://access.redhat.com/errata/RHSA-2019:1160](https://access.redhat.com/errata/RHSA-2019:1160)
- [https://access.redhat.com/errata/RHSA-2019:1161](https://access.redhat.com/errata/RHSA-2019:1161)
- [https://access.redhat.com/errata/RHSA-2019:1162](https://access.redhat.com/errata/RHSA-2019:1162)
- [https://access.redhat.com/errata/RHSA-2019:3172](https://access.redhat.com/errata/RHSA-2019:3172)
- [https://github.com/advisories/GHSA-6pcc-3rfx-4gpm](https://togithub.com/advisories/GHSA-6pcc-3rfx-4gpm)
- [https://github.com/dom4j/dom4j](https://togithub.com/dom4j/dom4j)
- [https://ihacktoprotect.com/post/dom4j-xml-injection](https://ihacktoprotect.com/post/dom4j-xml-injection)
- [https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E](https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E)
- [https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E](https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E)
- [https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E](https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E)
- [https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E](https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E)
- [https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E](https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E)
- [https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E](https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E)
- [https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E](https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E)
- [https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E](https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E)
- [https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E](https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E)
- [https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html](https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA)
- [https://security.netapp.com/advisory/ntap-20190530-0001](https://security.netapp.com/advisory/ntap-20190530-0001)
- [https://www.oracle.com/security-alerts/cpuApr2021.html](https://www.oracle.com/security-alerts/cpuApr2021.html)
- [https://www.oracle.com/security-alerts/cpuapr2020.html](https://www.oracle.com/security-alerts/cpuapr2020.html)
- [https://www.oracle.com/security-alerts/cpujul2020.html](https://www.oracle.com/security-alerts/cpujul2020.html)
- [https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html](https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-6pcc-3rfx-4gpm) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
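Both advisories above describe defaults that an application on the `dom4j:dom4j` 1.x artifact has to compensate for itself: a `SAXReader` that resolves external entities, and `addElement`/`addAttribute` that accept any string as a name. The following is an added example, not code from Helma, Antville or dom4j, of the two mitigations together: the `SAXReader` hardening the OWASP XXE cheat sheet recommends, and a name check applied before untrusted strings reach `addElement`/`addAttribute`. The class name `Dom4jHardening`, the helper `requireXmlName` and its simplified ASCII-only regex for XML names are assumptions of this example; the sample input is constructed.

```java
import java.io.StringReader;
import java.util.regex.Pattern;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.DocumentHelper;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

public class Dom4jHardening {
    // Hardened reader as recommended by the OWASP XXE cheat sheet: reject any
    // DOCTYPE and never resolve external entities or load an external DTD.
    public static SAXReader safeReader() throws SAXException {
        SAXReader reader = new SAXReader();
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return reader;
    }
    // Simplified XML Name check (ASCII NCName with optional prefix); an assumption of
    // this example, guarding addElement/addAttribute on 1.x, which validated nothing.
    private static final Pattern XML_NAME =
        Pattern.compile("[A-Za-z_][\\w.-]*(:[A-Za-z_][\\w.-]*)?");

    public static String requireXmlName(String name) {
        if (name == null || !XML_NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("not a valid XML name: " + name);
        }
        return name;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: any DOCTYPE, even this harmless internal entity, is refused.
        String untrusted = "<!DOCTYPE d [<!ENTITY e \"x\">]><d>&e;</d>";
        try {
            Document doc = safeReader().read(new StringReader(untrusted));
            System.out.println("parsed: " + doc.asXML());
        } catch (DocumentException e) {
            System.out.println("rejected document: " + e.getMessage());
        }
        // Names taken from a request must be validated before they reach dom4j 1.x.
        Element root = DocumentHelper.createDocument().addElement("root");
        root.addElement(requireXmlName("item")).addAttribute(requireXmlName("id"), "1");
        try {
            root.addElement(requireXmlName("item><x"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected name: " + e.getMessage());
        }
        System.out.println(root.asXML());
    }
}
```

On `org.dom4j:dom4j` 2.1.1 and later the name validation is built into `Element`, so the check above is only a stopgap for code still pinned to the 1.x artifact this PR updates.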