GHSA-2g98-f9jv-w8c5

Опубликовано: 20 мая 2024

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

robrichards/xmlseclibs XPath injection

A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions.

Ссылки

https://github.com/robrichards/xmlseclibs/commit/649032643f7aac493e91ca318da0339aec72aa4a
https://github.com/FriendsOfPHP/security-advisories/blob/master/robrichards/xmlseclibs/2018-09-27.yaml

Пакеты

Наименование

robrichards/xmlseclibs

composer

Затронутые версииВерсия исправления

>= 1.0.0, < 3.0.2

3.0.2

7.5 High

CVSS3

Дефекты

CWE-91

7.5 High

CVSS3

Дефекты

CWE-91