CVE-2022-41852 in commons-jxpath-1.3 #1471

Open
RunFox opened this issue Oct 10, 2022 · 3 comments
RunFox commented Oct 10, 2022

Hello. There is CVE-2022-41852, with a high risk level, in commons-jxpath-1.3. This library is a transitive dependency of com.netflix.eureka:eureka-client:1.10.17.
Any patch?

@ralberts

I am looking into a solution for this as well.

@spencergibb
Contributor

My guess is that eureka is not vulnerable to "untrusted XPath expressions may be vulnerable to a remote code execution", because it doesn't allow any untrusted XPath expressions.

@habelson

For those who are interested, there appears to be an interesting discussion about this issue here:
apache/commons-jxpath#25
apache/commons-jxpath#26
