Описание
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| checkstyle | fixed | 8.29-1 | package | |
| checkstyle | not-affected | buster | package | |
| checkstyle | not-affected | stretch | package |
Примечания
https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266
https://github.com/checkstyle/checkstyle/issues/7468
https://github.com/checkstyle/checkstyle/security/advisories/GHSA-763g-fqq7-48wg
EPSS
Связанные уязвимости
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
EPSS