https://bugzilla.redhat.com/show_bug.cgi?id=2134299
Carl George 🤠 carl@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |NOTABUG
CC          |        |carl@redhat.com
Last Closed |        |2023-06-13 03:23:17

--- Comment #2 from Carl George 🤠 carl@redhat.com ---
Upstream pushed back that this CVE was a duplicate of CVE-2022-40152, which itself was actually a bug in woodstox, not xstream. The security researcher agreed. The CVE status has been changed to rejected.

https://github.com/x-stream/xstream/issues/304#issuecomment-1254647926
https://github.com/x-stream/xstream/issues/304#issuecomment-1293654236
https://nvd.nist.gov/vuln/detail/CVE-2022-40155