Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Provides transitive vulnerable dependency maven:xalan:xalan:2.7.2 

CVE-2022-34169 7.5 INCORRECT CONVERSION BETWEEN NUMERIC TYPES IN XALAN:XALAN
This commit is contained in:
Joakim Erdfelt 2023-08-25 11:35:16 -05:00
parent b8ce9db729
commit 6683cc3654
No known key found for this signature in database
GPG Key ID: 2D0E1FB8FE4B68B4
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jetty-ee8/jetty-ee8-home/pom.xml
View File

@ -400,6 +400,10 @@
<groupId>org.eclipse.jetty.ee8</groupId>
<artifactId>jetty-ee8-glassfish-jstl</artifactId>
<exclusions>
<exclusion>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
</exclusion>
<exclusion>
<groupId>javax.el</groupId>
<artifactId>el-api</artifactId>
@ -410,6 +414,10 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.jetty.ee8</groupId>
<artifactId>jetty-ee8-plus</artifactId>

5
jetty-ee8/pom.xml
View File

@ -256,6 +256,11 @@
<artifactId>javax.servlet.jsp.jstl</artifactId>
<version>1.2.5</version>
</dependency>
<dependency>
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.3</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty.toolchain</groupId>
<artifactId>jetty-javax-websocket-api</artifactId>