Remediate High xercesImpl vulnerability
Lilalamar opened this issue · 0 comments
Lilalamar commented
Snyk reports the following High severity vulnerability in HumanCellAtlas/data-consumer-vignettes. Please remediate by the end of Q1 Milestone 2.
Description
xerces:xercesimpl
Suggested Remediation
Upgrade xerces:xercesImpl to version 2.12.0 or higher.
Details
xerces:xercesImpl is a fully compliant XML parser in the Apache Xerces family. Affected versions of this package are vulnerable to Denial of Service (DoS). Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.