exploitDog

GHSA-7jh3-f4p5-7prm

Опубликовано: 21 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.5

Описание

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message.

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message.

Ссылки

EPSS

Процентиль: 25%

0.00083

Низкий

5.5 Medium

CVSS3

CVE ID

Дефекты

CWE-134

Связанные уязвимости

CVE-2024-55156

CVSS3: 5.5

nvd

12 месяцев назад

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message.

EPSS

Процентиль: 25%

0.00083

Низкий

5.5 Medium

CVSS3

CVE ID

Дефекты

CWE-134