[Security] Bump cxf-rt-rs-security-jose from 3.4.10 to 3.5.9
Bumps cxf-rt-rs-security-jose from 3.4.10 to 3.5.9. This update includes a security fix.
Vulnerabilities fixed
Apache CXF Denial of Service vulnerability in JOSE An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
Patched versions: 3.5.9 Affected versions: < 3.5.9
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebase
will rebase this MR -
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts