cybersource-sdk-java icon indicating copy to clipboard operation
cybersource-sdk-java copied to clipboard
verified publisher icon CyberSource

Arbitrary code execution vulnerability

Open kennyfundrise opened this issue 3 years ago • 1 comments

Received this vulnerability report via Snyk: https://security.snyk.io/vuln/SNYK-JAVA-XALAN-2953385

Cybersource imports Xalan, all versions of Xalan are affected. Would be helpful to confirm that Cybersource SDK is not affected by this vulnerability or to patch it.

kennyfundrise avatar Dec 27 '22 19:12 kennyfundrise

Suggest bumping xalan to 2.7.3

bmiller-0 avatar Nov 01 '23 19:11 bmiller-0