Closed ndw closed 3 years ago
Nexus reports: junit/junit@4.12, org.apache.httpcomponents/httpclient@4.5.8, org.apache.logging.log4j/log4j-core@2.12.1, and xerces/xercesImpl@2.9.1 (I suspect the Xerces vulnerability is the billion laughs attack.)
junit/junit@4.12
org.apache.httpcomponents/httpclient@4.5.8
org.apache.logging.log4j/log4j-core@2.12.1
xerces/xercesImpl@2.9.1
Fixed in 1.3.2.
ndw
commented
3 years ago
Nexus reports:
junit/junit@4.12,org.apache.httpcomponents/httpclient@4.5.8,org.apache.logging.log4j/log4j-core@2.12.1, andxerces/xercesImpl@2.9.1(I suspect the Xerces vulnerability is the billion laughs attack.)