sirius-ms / sirius

SIRIUS is a software for discovering a landscape of de-novo identification of metabolites using tandem mass spectrometry. This repository contains the code of the SIRIUS Software (GUI and CLI).
GNU Affero General Public License v3.0

CVE-2022-42889 Vulnerability in commons-text-1.6.jar #93

Closed neerajwadhwa-lcci closed 1 year ago

neerajwadhwa-lcci commented 1 year ago

Hi Team, the Sirius app bundles commons-text-1.6.jar (v1.9 in newer releases like v5.6.2) as a dependency, and this jar has the CVE-2022-42889 vulnerability. Is there any plan to update the commons-text package to commons-text-1.10.jar?

mfleisch commented 1 year ago

Hey, we will replace v1.9 with v1.10 in the next build (v5.6.3).
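
A check an operator could run against an installed bundle to confirm which commons-text copies it ships, added here as an example and not part of the thread or the SIRIUS project. It inspects every jar, including jars nested inside other jars, and flags versions below 1.10, the release named above; the function names and the `pom.properties` lookup are this example's assumptions.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

FIXED = (1, 10)  # assumption from the thread: 1.10 is the release the issue asks for
POM = "META-INF/maven/org.apache.commons/commons-text/pom.properties"  # Maven metadata
NAME_RE = re.compile(r"commons-text-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """'1.9' -> (1, 9); compared numerically so that 1.10 sorts after 1.9."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def find_in_jar(label, data, hits):
    """Append (label, version, below_fixed) for this archive and jars nested in it."""
    version = None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if POM in names:  # survives renaming and, usually, shading into a fat jar
                props = zf.read(POM).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = m.group(1).strip() if m else None
            for inner in names:
                if inner.endswith(".jar"):
                    find_in_jar(f"{label}!/{inner}", zf.read(inner), hits)
    except zipfile.BadZipFile:
        pass  # unreadable archive: fall back to the file name below
    if version is None:
        m = NAME_RE.search(label)
        version = m.group(1) if m else None
    if version is not None:
        hits.append((label, version, parse_version(version) < FIXED))


def scan(root):
    """Walk an install directory and report every commons-text copy found."""
    hits = []
    for path in sorted(Path(root).rglob("*.jar")):
        find_in_jar(str(path), path.read_bytes(), hits)
    return hits


if __name__ == "__main__":
    for label, version, outdated in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("UPDATE" if outdated else "ok    ", version, label)
```

Run it with the installation directory as the only argument; a line starting with `UPDATE` marks a copy older than 1.10.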