Re: CVE-2022-40160O on commons-jxpath

2023-06-30 Thread Gary Gregory
You're welcome and keep asking :-)

Gary

On Fri, Jun 30, 2023, 10:10 Tomo Suzuki wrote:
> Good to know such cases. As always, thank you for maintaining the OSS
> ecosystem, including responding to vulnerability questions.
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2022-40160
> Description
>
> **

Re: CVE-2022-40160O on commons-jxpath

2023-06-30 Thread Tomo Suzuki
Good to know such cases. As always, thank you for maintaining the OSS ecosystem, including responding to vulnerability questions.

https://nvd.nist.gov/vuln/detail/CVE-2022-40160
Description
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security

Re: CVE-2022-40160O on commons-jxpath

2023-06-30 Thread Gary Gregory
That CVE is invalid, please see https://nvd.nist.gov/vuln/detail/CVE-2022-40160

You should rely on official CVE databases like nist.gov.

Gary

On Fri, Jun 30, 2023, 09:04 Debraj Manna wrote:
> commons-jxpath 1.3 is also getting flagged for CVE-2022-401
>

Re: CVE-2022-40160O on commons-jxpath

2023-06-30 Thread Debraj Manna
commons-jxpath 1.3 is also getting flagged for CVE-2022-40159.

On Fri, Jun 30, 2023 at 6:28 PM Debraj Manna wrote:
> Hi
>
> We have been flagged for CVE-2022-401600
>

CVE-2022-40160O on commons-jxpath

2023-06-30 Thread Debraj Manna
Hi

We have been flagged for CVE-2022-401600 on commons-jxpath, version 1.3. Can someone let me know if commons-jxpath is really affected by this vulnerability? If yes, is there any plan to fix this?