GHSA-wcp5-m52f-mhh5

Suggest an improvement
Source
https://github.com/advisories/GHSA-wcp5-m52f-mhh5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-wcp5-m52f-mhh5/GHSA-wcp5-m52f-mhh5.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-wcp5-m52f-mhh5
Aliases
Published
2021-05-07T15:54:36Z
Modified
2023-11-01T04:52:37.517941Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Improper Restriction of XML External Entity Reference in MPXJ
Details

"MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components."

Database specific
{
    "nvd_published_at": "2020-08-29T19:15:00Z",
    "github_reviewed_at": "2021-05-05T19:48:23Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-611"
    ]
}
References

Affected packages

Maven / net.sf.mpxj:mpxj

Package

Name
net.sf.mpxj:mpxj
View open source insights on deps.dev
Purl
pkg:maven/net.sf.mpxj/mpxj

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.4

Affected versions

4.*

4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6

5.*

5.0.0
5.1.0
5.1.4
5.1.9
5.1.10
5.1.11
5.1.12
5.1.13
5.1.15
5.1.16
5.1.17
5.1.18
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.3.2
5.3.3
5.4.0
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
5.7.0
5.7.1
5.8.0
5.9.0
5.10.0
5.11.0
5.12.0
5.13.0
5.14.0

6.*

6.0.0
6.1.0
6.1.2
6.2.0

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.1.0
7.2.0
7.2.1
7.3.0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0
7.6.0
7.6.1
7.6.2
7.6.3
7.7.0
7.7.1
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.7
7.9.8

8.*

8.0.0
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.0.8
8.1.0
8.1.1
8.1.2
8.1.3