Every CVE whose affected-product data names Apache Commons Jelly, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2017-12621 — CVSS 9.8 (critical): During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that…