We are currently utilizing org.eclipse.pde.runtime version 3.7.300, which has a compile dependency on commons-jxpath. Unfortunately, commons-jxpath is vulnerable to CVE-2022-41852. Although jxpath has rejected this vulnerability, we are still exposed due to our current dependency. We are using Eclipse version 4.23.0. Is there a solution to mitigate this vulnerability for the eclipse version 4.23.0?
We are currently utilizing org.eclipse.pde.runtime version 3.7.300, which has a compile dependency on commons-jxpath. Unfortunately, commons-jxpath is vulnerable to CVE-2022-41852. Although jxpath has rejected this vulnerability, we are still exposed due to our current dependency. We are using Eclipse version 4.23.0. Is there a solution to mitigate this vulnerability for the eclipse version 4.23.0?