I was scanning the Apache PDFBox v1.8.16 jar in BlackDuck and it got flagged with the following report:

*CVE-2019-0228* Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

From the report: It talks about v2.0.14, but I am on v1.8.16, which leaves me wondering.

My concern is that I am using Apache PDFBox 1.8.16, which was released on 3rd July, 2020, after the issue was reported (on 17 Apr 2019). So, did it get resolved in this version?

Thanks,
Avinash.

