Provides transitive vulnerable dependency maven:org.glassfish.web:javax.el:2.2.6 #21
Description
Hello, I'm interested in using your latest yodlee-java-sdk package from Maven Central, but IntelliJ IDEA is throwing the following CVE warning for the maven:org.glassfish.web:javax.el:2.2.6 dependency:
Provides transitive vulnerable dependency maven:org.glassfish.web:javax.el:2.2.6 CVE-2021-28170 5.3 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability pending CVSS allocation Results powered by Checkmarx(c)
If your team could update this dependency and release a new version of your Maven package as soon as possible, that'd be most appreciated.
Thanks in advance!