Uploaded image for project: 'Build'
  1. Build
  2. BUILD-1091

Dismiss CVE mismatch about woodstox-core-6.4.0

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Neutral Neutral
    • None
    • None
    • None
    • Yes 

      One or more dependencies were identified with known vulnerabilities

magnolia-community-webapp-6.2-SNAPSHOT.war: woodstox-core-6.4.0.jaMETA-INF/maven/com.sun.xml.bind.jaxb/isorelax/pom.xml (pkg:maven/com.sun.xml.bind.jaxb/isorelax@20090621, cpe:2.3:a:xml_library_project:xml_library:*:*:*:*:*:rust:*:*) : CVE-2023-34411
[...]

      https://nvd.nist.gov/vuln/detail/CVE-2023-34411
      https://github.com/FasterXML/woodstox/issues/173 

      False positive: the issue concerns an XML library for the Rust language which Magnolia doesn't use.

       

        Acceptance criteria

              fgrilli Federico Grilli
              fgrilli Federico Grilli
              Foundation
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved:
                Work Started:

                  Task DoR