Details
-
Improvement
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
maven-bundle-plugin-5.1.9
-
None
Description
There is a HIGH CVE https://nvd.nist.gov/vuln/detail/CVE-2021-33813 detected in the maven-bundle-plugin.
https://github.com/apache/felix-dev/blob/master/tools/maven-bundle-plugin/pom.xml#L274
<dependency>
<groupId>org.jdom</groupId>
<artifactId>jdom</artifactId>
<version>1.1</version>
</dependency>
The latest jdom2/2.0.6.1 (https://search.maven.org/artifact/org.jdom/jdom2/2.0.6.1/jar) is the fix version for it.