That CVE is invalid, please see https://nvd.nist.gov/vuln/detail/CVE-2022-40160
You should rely on official CVE databases like nist.gov. Gary On Fri, Jun 30, 2023, 09:04 Debraj Manna <subharaj.ma...@gmail.com> wrote: > commons-jxpath 1.3 is also getting flagged for CVE-2022-401 > <https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040994>59. > > On Fri, Jun 30, 2023 at 6:28 PM Debraj Manna <subharaj.ma...@gmail.com> > wrote: > > > Hi > > > > We have been flagged for CVE-2022-401600 > > <https://security.snyk.io/vuln/SNYK-JAVA-COMMONSJXPATH-3040995> on > > commons-jxpath, version 1.3. > > > > Can someone let me know commons-jxpath is really affected by this > > vulnerability? If yes, is there any plan to fix this? > > >