- I have searched the issues of this repository and believe that this is not a duplicate.
Ⅰ. Issue Description
Ⅱ. Describe what happened
If there is an exception, please attach the exception trace:
Just paste your stack trace here!Ⅲ. Describe what you expected to happen
Ⅳ. How to reproduce it (as minimally and precisely as possible)
Apache JXPath 在解析用户提供的XPath表达式时,若使用了JXPathContext中除compile和compilePath之外的函数来解析XPath表达式时,会导致远程代码执行漏洞。
官方未针对 CVE-2022-41852 Apache Commons JXPath 远程代码执行漏洞发布安全更新。
Minimal yet complete reproducer code (or URL to code):
Ⅴ. Anything else we need to know?
Ⅵ. Environment:
- JDK version(e.g.
java -version): - Seata client/server version:
- Database version:
- OS(e.g.
uname -a): - Others:
3条答案
按热度按时间disbfnqx1#
imported by eureka-client,try to check new version of eureka-client
neekobn82#
seata is not a strong dependency on eureka, so this is not a significant problem.
pes8fvy93#
@q343959872 This advisory has been withdrawn due to the CVE being rejected.