Update org.apache.pdfbox:pdfbox to avoid vulnerability
Closed this issue · 1 comments
jhonnymertz commented
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. Check link.
We use this lib for testing, so it is better to upgrade org.apache.pdfbox:pdfbox to version 1.8.16 or later. For example:
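```xml
<dependency>
  <groupId>org.apache.pdfbox</groupId>
  <artifactId>pdfbox</artifactId>
  <version>[1.8.16,)</version>
</dependency>
```
jhonnymertz commented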
fixed
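
An added example (not part of the original issue or the project's code): a small Python check that reads a `pom.xml` and reports whether a pinned `org.apache.pdfbox:pdfbox` version falls inside the affected ranges quoted in the issue. The sample POM, function names and verdict labels are constructed for illustration; a version range such as `[1.8.16,)` is reported as `range` because the version it resolves to depends on the repository.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as stated in the issue above (inclusive bounds).
AFFECTED = [("1.8.0", "1.8.15"), ("2.0.0RC1", "2.0.11")]

def version_key(v):
    """Sort key for x.y.z or x.y.z-RCn; a final release sorts after its RCs."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[-.]?RC(\d+))?", v.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else float("inf"))

def is_affected(version):
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED)

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the optional POM XML namespace

def audit_pom(pom_text):
    """Return [(version, verdict)] for each pdfbox dependency in a POM string."""
    findings = []
    for dep in ET.fromstring(pom_text).iter():  # parse only build files you trust
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) != ("org.apache.pdfbox", "pdfbox"):
            continue
        version = f.get("version", "")
        if version.startswith(("[", "(")):
            verdict = "range"  # resolved version depends on the repository
        else:
            try:
                verdict = "affected" if is_affected(version) else "ok"
            except ValueError:
                verdict = "unresolved"  # e.g. ${property} or managed version
        findings.append((version, verdict))
    return findings

# Constructed sample POM (not from the project), one entry per case.
_DEP = ("<dependency><groupId>org.apache.pdfbox</groupId>"
        "<artifactId>pdfbox</artifactId><version>{}</version></dependency>")
SAMPLE_POM = ('<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>'
              + "".join(_DEP.format(v) for v in ("1.8.15", "[1.8.16,)", "2.0.12"))
              + "</dependencies></project>")

if __name__ == "__main__":
    for version, verdict in audit_pom(SAMPLE_POM):
        print(f"pdfbox {version}: {verdict}")
```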