GHSA-3vrc-rrpw-r5pw

Suggest an improvement
Source
https://github.com/advisories/GHSA-3vrc-rrpw-r5pw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-3vrc-rrpw-r5pw/GHSA-3vrc-rrpw-r5pw.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-3vrc-rrpw-r5pw
Aliases
  • CVE-2014-125087
Published
2023-02-19T18:30:21Z
Modified
2024-03-01T14:33:19.852132Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
java-xmlbuilder vulnerable to XML External Entity Reference
Details

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

Database specific
{
    "nvd_published_at": "2023-02-19T17:15:00Z",
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-01T20:46:06Z"
}
References

Affected packages

Maven / com.jamesmurty.utils:java-xmlbuilder

Package

Name
com.jamesmurty.utils:java-xmlbuilder
View open source insights on deps.dev
Purl
pkg:maven/com.jamesmurty.utils/java-xmlbuilder

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2

Affected versions

0.*

0.3
0.4
0.6

1.*

1.0
1.1