CVE-2024-34345

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-34345

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34345.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-34345

Aliases

GHSA-38gf-rh2w-gmj7

Related

GHSA-38gf-rh2w-gmj7

Published

2024-05-14T15:38:40Z

Modified

2025-01-08T16:04:43.031806Z

Summary

[none]

Details

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.

References

Affected packages

Git / github.com/cyclonedx/cyclonedx-javascript-library

Affected ranges

Type: GIT
Repo: https://github.com/cyclonedx/cyclonedx-javascript-library
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5e5e1e0b9422f47d2de81c7c4064b803a01e7203

Fixed

5e5e1e0b9422f47d2de81c7c4064b803a01e7203

Affected versions

v1.*

v1.0.0

v1.0.0-beta.2

v1.0.0-beta.3

v1.0.0-beta.4

v1.0.0-beta.5

v1.0.0-beta.6

v1.0.0-beta.7

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.10.0

v1.12.0

v1.12.1

v1.13.0

v1.13.1

v1.13.2

v1.13.3

v1.14.0

v1.14.0-rc.2

v1.14.0-rc.3

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.4.0

v1.4.1

v1.4.2

v1.5.0

v1.5.1

v1.6.0

v1.7.0

v1.8.0

v1.9.0

v1.9.1

v1.9.2

v2.*

v2.0.0

v2.0.0-rc.0

v2.1.0

v3.*

v3.0.0

v4.*

v4.0.0

v5.*

v5.0.0

v6.*

v6.0.0

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.3.0

v6.3.1

v6.3.2

v6.4.0

v6.4.1

v6.4.2

v6.5.0

v6.5.1

v6.6.0

v6.6.1

v6.7.0