Albert Wang

Results 3 comments of Albert Wang

Hi @kwwall, is there a further update about the FP? Do we know the reason that xercesImpl-2.12.2.jar is matched with CVE-2017-10355? Thank you.

@kwwall @aikebah I reported the issue to [OSSIndex](https://github.com/OSSIndex/vulns/issues/316#issue-1325709261). My current understanding is that OSSIndex published a vulnerability [[sonatype-2017-0348] CWE-833: Deadlock](https://ossindex.sonatype.org/vulnerability/sonatype-2017-0348) of [xerces:xercesImpl](https://search.maven.org/artifact/xerces/xercesImpl). Somehow, when OWASP Dependency-Check reports the vulnerability, it...

Hi @aikebah, do you think [SNYK-JAVA-XERCES-31497](https://security.snyk.io/vuln/SNYK-JAVA-XERCES-31497) and [sonatype-2017-0348](https://ossindex.sonatype.org/vulnerability/sonatype-2017-0348) are the same issue in XercesImpl, or are they different issues?