Upgrade xerces:xercesImpl to version 2.12.0 or higher to get rid of security vulnerability [CVE-2013-4002, CWE-94], [CVE-2017-10355, CWE-400] , [CVE-2012-0881, CWE-400], [CVE-2009-2625, CWE-400], [CVE-2020-14338, CWE-20]

Question

Upgrade xerces:xercesImpl to version 2.12.0 or higher to get rid of security vulnerability [CVE-2013-4002, CWE-94], [CVE-2017-10355, CWE-400] , [CVE-2012-0881, CWE-400], [CVE-2009-2625, CWE-400], [CVE-2020-14338, CWE-20]

Closed this issue 2 years ago · 1 comments

SAST tool reported vulnerability for library : xerces:xercesImpl

network.oxalis:oxalis-as4@5.0.1
----org.apache.neethi:neethi@3.1.1
------- org.apache.ws.commons.axiom:axiom-api@1.2.14
---------- jaxen:jaxen@1.1.4
------------- xerces:xercesImpl@2.6.2

Library xerces:xercesImpl to version 2.12.0 or higher

Answer 1 · 2022-10-21T20:29:32.000Z

Closing this as vulnerable functionality is Not directly used.