https://nvd.nist.gov/vuln/detail/CVE-2019-12419 marks all the cxf artifacts
(cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*) as vulnerable - hence:
* cxf-xjc-runtime-3.3.1.jar
* cxf-xjc-ts-3.1.0.jar
get marked as vulnerable - even though these are the latest versions and
unrelated to the issue - is there any way to get this fixed in the CVE? Are
you planning on newer versions?
If these were released with the same version as CXF the problem could be
avoided (we always run with the latest patch-level).
Any thoughts?
Hmm, in the past I emailed [email protected] and they fixed the pattern. Do
you have a working proposal already?
Best
Dennis
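
The false positive described in this thread, as an added example that is not code from either poster or from any scanner: it parses the CPE quoted above and shows why both cxf-xjc jars match it, then applies an exclusion for the separately versioned artifacts. The token-based `loose_match` rule is an assumption about how a dependency scanner maps a jar name to a CPE product, and `cxf-core-3.3.1.jar` is a constructed sample.

```python
import re

# CPE string quoted in the thread (NVD entry for CVE-2019-12419).
PAGE_CPE = "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")
# Artifact-id prefixes the thread reports as unrelated to the CVE.
SEPARATELY_VERSIONED = ("cxf-xjc-",)


def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    prefix = "cpe:2.3:"
    if not cpe.startswith(prefix):
        raise ValueError("not a CPE 2.3 formatted string")
    # A ':' preceded by a backslash is part of a value, not a separator.
    parts = re.split(r"(?<!\\):", cpe[len(prefix):])
    if len(parts) != len(FIELDS):
        raise ValueError("expected 11 attributes, got %d" % len(parts))
    return dict(zip(FIELDS, parts))


def split_jar(name):
    """'cxf-xjc-runtime-3.3.1.jar' -> ('cxf-xjc-runtime', '3.3.1')."""
    m = re.fullmatch(r"(.+?)-(\d+(?:\.\d+)*)\.jar", name)
    if m is None:
        raise ValueError("unrecognised jar name: " + name)
    return m.group(1), m.group(2)


def loose_match(jar, cpe=PAGE_CPE):
    """Assumed scanner rule: CPE product is one token of the artifact id."""
    artifact, version = split_jar(jar)
    attrs = parse_cpe23(cpe)
    return (attrs["product"] in artifact.split("-")
            and attrs["version"] in ("*", version))


def filtered_match(jar, cpe=PAGE_CPE):
    """Same rule, minus artifacts known to be versioned separately."""
    artifact, _ = split_jar(jar)
    if artifact.startswith(SEPARATELY_VERSIONED):
        return False
    return loose_match(jar, cpe)


if __name__ == "__main__":
    # cxf-core-3.3.1.jar is a constructed sample; the other two are from the thread.
    for jar in ("cxf-xjc-runtime-3.3.1.jar", "cxf-xjc-ts-3.1.0.jar", "cxf-core-3.3.1.jar"):
        print(jar, loose_match(jar), filtered_match(jar))
```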