GHSA-6qx9-rf9g-7jmr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6qx9-rf9g-7jmr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6qx9-rf9g-7jmr/GHSA-6qx9-rf9g-7jmr.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-6qx9-rf9g-7jmr
- Aliases
-
- CVE-2014-8125
- Published
- 2022-05-17T04:12:57Z
- Modified
- 2024-12-07T05:32:42.656982Z
- Summary
- Improper Input Validation in Drools and jBPM
- Details
-
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
- Database specific
{ "cwe_ids": [ "CWE-20" ], "github_reviewed": true, "github_reviewed_at": "2022-07-06T21:03:48Z", "severity": "HIGH", "nvd_published_at": "2015-04-21T17:59:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-8125
- https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3
- https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5
- https://bugzilla.redhat.com/show_bug.cgi?id=1169553
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
Affected packages
Maven / org.drools:drools-core
Package
- Name
- org.drools:drools-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.drools/drools-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.2.0.Final
Affected versions
5.*
5.0.0.M3
5.0.0.M4
5.0.0.M5
5.0.0.CR1
5.0.1
5.1.0.M1
5.1.0.M2
5.1.0.CR1
5.1.0
5.1.1
5.2.0.M2
5.2.0.CR1
5.2.0.Final
5.2.1.Final
5.3.0.Beta1
5.3.0.CR1
5.3.0.Final
5.3.1.Final
5.3.2.Final
5.3.3.Final
5.3.4.Final
5.3.5.Final
5.4.0.Beta1
5.4.0.Beta2
5.4.0.CR1
5.4.0.Final
5.5.0.Beta1
5.5.0.CR1
5.5.0.Final
5.6.0.CR1
5.6.0.Final
6.*
6.0.0.Alpha4
6.0.0.Alpha5
6.0.0.Alpha6
6.0.0.Alpha7
6.0.0.Alpha9
6.0.0.Beta1
6.0.0.Beta2
6.0.0.Beta3
6.0.0.Beta4
6.0.0.Beta5
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.0.CR4
6.0.0.CR4-Pre1
6.0.0.CR5
6.0.0.Final
6.0.1.Final
6.1.0.Beta1
6.1.0.Beta2
6.1.0.Beta3
6.1.0.Beta4
6.1.0.CR1
6.1.0.CR2
6.1.0.Final
6.2.0.Beta1
6.2.0.Beta2
6.2.0.Beta3
6.2.0.CR1
6.2.0.CR2
6.2.0.CR3
6.2.0.CR4
Maven / org.jbpm:jbpm-bpmn2
Package
- Name
- org.jbpm:jbpm-bpmn2
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jbpm/jbpm-bpmn2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.2.0.Final
Affected versions
5.*
5.1.0.M1
5.1.0.CR1
5.1.0.Final
5.1.1.Final
5.1.2.Final
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.2.4.Final
5.2.5.Final
5.3.0.CR1
5.3.0.Final
5.4.0.Beta1
5.4.0.CR1
5.4.0.Final
5.5.0.CR1
5.5.0.Final
6.*
6.0.0.Alpha4
6.0.0.Alpha5
6.0.0.Alpha6
6.0.0.Alpha7
6.0.0.Alpha9
6.0.0.Beta1
6.0.0.Beta2
6.0.0.Beta3
6.0.0.Beta4
6.0.0.Beta5
6.0.0.CR1
6.0.0.CR2
6.0.0.CR3
6.0.0.CR4
6.0.0.CR4-Pre1
6.0.0.CR5
6.0.0.Final
6.0.1.Final
6.1.0.Beta1
6.1.0.Beta2
6.1.0.Beta3
6.1.0.Beta4
6.1.0.CR1
6.1.0.CR2
6.1.0.Final
6.2.0.Beta1
6.2.0.Beta2
6.2.0.Beta3
6.2.0.CR1
6.2.0.CR2
6.2.0.CR3
6.2.0.CR4