-
Task
-
Resolution: Done
-
Neutral
-
None
-
None
-
None
-
-
Empty show more show less
-
Yes
Pulled in via jBPM, still undergoing analysis at the moment of writing.
https://nvd.nist.gov/vuln/detail/CVE-2023-51079
https://github.com/mvel/mvel/issues/348
[INFO] | +- org.jbpm:jbpm-runtime-manager:jar:7.74.1.Final:compile [INFO] | | +- org.eclipse.aether:aether-api:jar:1.1.0:compile [INFO] | | +- org.kie.soup:kie-soup-project-datamodel-commons:jar:7.74.1.Final:compile [INFO] | | | \- org.kie.soup:kie-soup-project-datamodel-api:jar:7.74.1.Final:compile [INFO] | | +- org.mvel:mvel2:jar:2.4.15.Final:compile
The vulnerability was eventually dismissed by the library maintainers. The API in question isn't used by Magnolia directly anyway.
Acceptance criteria