[Security] Bump cxf-rt-rs-security-jose from 3.4.10 to 3.5.9 (!204) · Merge requests · eliatra-suite / Eliatra Suite Plugin for OpenSearch

dependabot requested to merge dependabot-maven-org.apache.cxf-cxf-rt-rs-security-jose-3.5.9 into main Jul 20, 2024

Bumps cxf-rt-rs-security-jose from 3.4.10 to 3.5.9. This update includes a security fix.

Vulnerabilities fixed

Apache CXF Denial of Service vulnerability in JOSE An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.

Patched versions: 3.5.9 Affected versions: < 3.5.9

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

$dependabot rebase will rebase this MR
$dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

[Security] Bump cxf-rt-rs-security-jose from 3.4.10 to 3.5.9

Merge request reports