CVE-2022-42920 Security issue detected in latest Spot bug Version

[PrasannaKumarGowdru]

Hi Team,

We are consuming
"com.github.spotbugs" version "5.0.13" latest version in our product and this resulted in security vulnerability with CVE-2022-42920 issue.
Please can you tell us when the fix will be available for this issue and when can we expect new version from Spot Bug with this fix.

Thanks,
Prasanna

[Vampire]

This project does not use bcel.
Spotbugs is using bcel.
And as soon as a version with the fix that is already committed is released, you can configure this project to use that fixed verision.
See spotbugs/spotbugs#2251 for the discussion in the right project. ;-)

[hazendaz]

issue is not present in recent releases, closing.