Open SoumyajitPatra opened 2 years ago
Dependency: xmlbeans-2.6.0.jar Vulnerability IDs: cpe:2.3:a:apache:xmlbeans:2.6.0:::::::* Package: pkg:maven/org.apache.xmlbeans/xmlbeans@2.6.0 Highest Severity: CRITICAL
xmlbeans@2.6.0 is introduced by poi-ooxml@3.17. On upgrading to poi-ooxml@4.0.0 we get xmlbeans@3.0.0 which does not have any OWASP vulnerability
Dependency: xmlbeans-2.6.0.jar Vulnerability IDs: cpe:2.3:a:apache:xmlbeans:2.6.0:::::::* Package: pkg:maven/org.apache.xmlbeans/xmlbeans@2.6.0 Highest Severity: CRITICAL
xmlbeans@2.6.0 is introduced by poi-ooxml@3.17. On upgrading to poi-ooxml@4.0.0 we get xmlbeans@3.0.0 which does not have any OWASP vulnerability