MessageML is a markup language used by the Symphony Agent API for representing messages, including formatting (bold, italic, numbered and unnumbered lists etc.) and entity data representing structured objects.
✗ XML External Entity (XXE) Injection [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGMOZILLA-1314295] in org.mozilla:rhino@1.7.7.1
introduced by org.symphonyoss.symphony:messageml@0.9.70 > com.github.java-json-tools:json-schema-validator@2.2.10 > com.github.java-json-tools:json-schema-core@1.2.10 > org.mozilla:rhino@1.7.7.1
This issue was fixed in versions: 1.7.12
Latest available json-schema-validator (2.2.14, released May 2020) ships with an unsafe Rhino version. Need to add an exclusion and pull in a safe Rhino version explicitly.
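The exclusion and explicit pin described above could look like this in a Maven `pom.xml`. This is an added example, not the project's own build file; it assumes a Maven build that declares json-schema-validator as a direct dependency, and it takes all coordinates and versions from the Snyk output above.

```xml
<dependencies>
  <!-- json-schema-validator pulls in Rhino through json-schema-core.
       An exclusion declared here applies to the whole subtree beneath
       this dependency, so the transitive Rhino 1.7.7.1 is dropped. -->
  <dependency>
    <groupId>com.github.java-json-tools</groupId>
    <artifactId>json-schema-validator</artifactId>
    <version>2.2.10</version>
    <exclusions>
      <exclusion>
        <groupId>org.mozilla</groupId>
        <artifactId>rhino</artifactId>
      </exclusion>
    </exclusions>
  </dependency>

  <!-- Declare Rhino directly at the version the advisory lists as fixed,
       so the classes json-schema-core needs are still on the classpath. -->
  <dependency>
    <groupId>org.mozilla</groupId>
    <artifactId>rhino</artifactId>
    <version>1.7.12</version>
  </dependency>
</dependencies>
```

Running `mvn dependency:tree -Dincludes=org.mozilla:rhino` afterwards should list only `org.mozilla:rhino:jar:1.7.12`; any remaining 1.7.7.1 entry means another dependency path still brings in the old version and needs its own exclusion.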