CVE-2024-31573

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31573
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31573.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-31573
Aliases
Downstream
Published
2025-10-17T19:15:36.627Z
Modified
2025-11-15T18:56:35.024828Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

References

Affected packages

Git / github.com/xmlunit/xmlunit

Affected ranges

Type
GIT
Repo
https://github.com/xmlunit/xmlunit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b81d48b71dfd2868bdfc30a3e17ff973f32bc15b

Affected versions

v2.*

v2.0.0
v2.0.0-alpha-02
v2.0.0-alpha-03
v2.0.0-alpha-04
v2.1.0
v2.1.1
v2.2.0
v2.2.1
v2.3.0
v2.4.0
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.7.0
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.9.0
v2.9.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xmlunit-core/src/main/java/org/xmlunit/util/TransformerFactoryConfigurer.java"
        },
        "digest": {
            "line_hashes": [
                "154611123921423421645335976608025304895",
                "228814211565522784231639311710956742459",
                "5886931627580132605871572100413929395",
                "247864260715356687368484303476982227710",
                "199134340918989124889742310121177206632",
                "59732223403455170526283562180705348894",
                "99535819728291082660288204711498194286",
                "173314904974029999475071140212227473086",
                "172171201189454814384448134489661990848",
                "136327471852444456936191467561585206077",
                "322207521424604691247843753978392961497",
                "213835750640475560917790653373277748719",
                "170565629009380951464640414002170532011",
                "120003259985969365163875791320050297503"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b",
        "id": "CVE-2024-31573-694cd8fc"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31573.json"