jstl-api jakarta.servlet.jsp.jstl v3.0 contains vulnerable shaded JAR for BCEL

jakarta.servlet.jsp.jstl v3.0 contains vulnerable shaded JAR for BCEL

Open rwmajor2 opened this issue 1 year ago • 1 comments

Is bcel needed to be included in jakarta.servlet.jsp.jstl.jar? I am curious what it is used for and more importantly what version is it? It is showing up on vulnerability scans due to CVEs with bcel, but I can't find out what version it is from this repo.

Thanks.

Jun 16 '24 10:06 rwmajor2

jstl-api jstl-api copied to clipboard

jakarta.servlet.jsp.jstl v3.0 contains vulnerable shaded JAR for BCEL

jstl-api
jstl-api copied to clipboard