Explain CVE-2022-50152 to CVE-2022-40156.

x-stream · Dec 29, 2022 · 4c96033 · 4c96033
1 parent 5eba8cf
commit 4c96033
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/xstream-distribution/src/content/security.html b/xstream-distribution/src/content/security.html
@@ -62,6 +62,12 @@ <h2 id="CVEs">Documented Vulnerabilities</h2>
         <th><a href="CVE-2022-40151.html">CVE-2022-40151</a></th>
         <td>XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow.</td>
       </tr>
+      <tr>
+        <th>CVE-2022-40152 to CVE-2022-40156</th>
+        <td>Although unconfirmed these issues had been assigned to XStream nonetheless. However, all these issues are
+        caused by the same problem in Woodstox. Therefore <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40152">
+        CVE-2022-40152</a> has been officially reassigned and the other CVEs have been revoked.</td>
+      </tr>
       <tr>
         <th>Version 1.4.18</th>
         <td></td>