Опубликовано: 21 июн. 2024
Источник: github
Github: Прошло ревью
CVSS4: 6.9
CVSS3: 6.5
Описание
ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-47621
- https://github.com/classgraph/classgraph/pull/539
- https://github.com/classgraph/classgraph/commit/681362ad6b0b9d9abaffb2e07099ce54d7a41fa3
- https://docs.r3.com/en/platform/corda/4.8/enterprise/release-notes-enterprise.html
- https://github.com/classgraph/classgraph/releases/tag/classgraph-4.8.112
Пакеты
Наименование
io.github.classgraph:classgraph
maven
Затронутые версииВерсия исправления
< 4.8.112
4.8.112
Связанные уязвимости
CVSS3: 7.5
nvd
больше 1 года назад
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.