graphql-spring-boot icon indicating copy to clipboard operation
graphql-spring-boot copied to clipboard

Published 20 hours ago verified publisher icon graphql-java-kickstart

CVE-2022-42889 in latest version

Open jaydeepkhandelwal opened this issue 1 year ago • 3 comments

Describe the bug commons-text (>= 1.5 and <= 1.9) has been flagged by CVE-2022-42889. It affects graphql-spring-boot as its latest version still contains vulnerable version of commons-text (1.9).

To Reproduce https://nvd.nist.gov/vuln/detail/CVE-2022-42889

Expected behavior Upgrade commons-text to 1.10.0 or greater.

jaydeepkhandelwal avatar Nov 02 '22 19:11 jaydeepkhandelwal