A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.
bugzilla.redhat.com/show_bug.cgi?id=2136128
nvd.nist.gov/vuln/detail/CVE-2022-41852
www.cve.org/CVERecord?id=CVE-2022-41852