CVE-2021-4295

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-4295
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4295.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-4295
Published
2022-12-29T09:15:08Z
Modified
2025-01-08T13:08:24.912832Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/onc-healthit/code-validator-api

Affected ranges

Type
GIT
Repo
https://github.com/onc-healthit/code-validator-api
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

001-20160516

1.*

1.0
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.2
1.0.20
1.0.21
1.0.22
1.0.23
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.3
1.0.30
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9

2.*

2.3.0-20160516