New CVE in org.codehaus.jettison:jettison version 1.4.0

[Subrhamanya]

New vulnerabilities (CVE-2022-40149, CVE-2022-45685, CVE-2022-45693) has been found in org.codehaus.jettison:jettison version 1.4.0.
Please refer the link below for detailed description.

CVE-2022-40149.
CVE-2022-45685.
CVE-2022-45693.

The resolution for this CVE is to use jettison version 1.5.2.

[Subrhamanya]

Hi team can anybody look into it? We are consuming this dependency and waiting for the team to fix this CVE.

Here is the reference link

jettison-json/jettison#45

[wealthtears]

Eureka blend: 1.10.18 contains a vulnerability in jettison: 1.4.0. Can I upgrade jettison to 1.5.2? Does the upgrade affect the eureka blend feature?