Hi,
Yes, Scott's interpretation is correct - I'm sorry if the wording of the
CVE was not sufficiently clear. Let me see if there's a way to query the
CVSSv3 score that was assigned to the CVE...
Colm.
On Fri, Sep 6, 2019 at 3:03 PM Cantor, Scott wrote:
> On 9/6/19, 5:44 AM, "RvG" wrote:
>
>
Thanks Scott.
I was going for a reading like this as well, but there's a little too much
ambiguity in the original wording for me to feel comfortable reading it like
that. I say that considering that the CVSSv3 score assigned to this
vulnerability (7.5) is rather high if the bug requires you to
The following security advisory is announced for the Apache Santuario - XML
Security for Java project, which is fixed in the recent 2.1.4 release.
[CVEID]:CVE-2019-12400
[PRODUCT]:Apache Santuario - XML Security for Java
[VERSION]:All 2.0.x releases from 2.0.3, all 2.1.x releases before 2.1.4.