Replies: 2 comments
-
In the IDE's use of this library, the xpaths being processed are paths into the local e4xmi model files, so they are not arbitrary paths that could potentially be from untrusted sources.
-
This is not the first time this topic has come up. See eclipse-platform/eclipse.platform.ui#423 and eclipse-platform/eclipse.platform#291.
-
We are currently utilizing org.eclipse.pde.runtime version 3.7.300, which has a compile dependency on commons-jxpath. Unfortunately, commons-jxpath is vulnerable to CVE-2022-41852. Although jxpath has rejected this vulnerability, we are still exposed due to our current dependency. We are using Eclipse version 4.23.0. Is there a solution to mitigate this vulnerability for Eclipse version 4.23.0?