Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-4949

Опубликовано: 21 мая 2025
Источник: debian
EPSS Низкий

Описание

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jgitunfixedpackage
jgitno-dsatrixiepackage
jgitno-dsabookwormpackage
jgitpostponedbullseyepackage

Примечания

  • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281

  • https://gitlab.eclipse.org/security/cve-assignement/-/issues/64

  • https://eclipse.gerrithub.io/c/eclipse-jgit/jgit/+/1215019

  • https://eclipse.gerrithub.io/c/eclipse-jgit/jgit/+/1215020

  • Fixed in:

  • 6.10.1.202505221210-r

  • 7.0.1.202505221510-r

  • 7.1.1.202505221757-r

EPSS

Процентиль: 24%
0.0008
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-4949

CVSS3: 5.3
ubuntu
9 месяцев назад

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.

redhat логотип

CVE-2025-4949

CVSS3: 4.8
redhat
9 месяцев назад

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.

nvd логотип

CVE-2025-4949

CVSS3: 5.3
nvd
9 месяцев назад

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.

suse-cvrf логотип

SUSE-SU-2025:02762-1

suse-cvrf
6 месяцев назад

Security update for eclipse-jgit

github логотип

GHSA-vrpq-qp53-qv56

github
9 месяцев назад

Eclipse JGit XML External Entity (XXE) Vulnerability

EPSS

Процентиль: 24%
0.0008
Низкий