Описание
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.29 (исключая)
cpe:2.3:a:checkstyle:checkstyle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00488
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 5.3
ubuntu
около 6 лет назад
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
CVSS3: 5.3
redhat
около 6 лет назад
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
CVSS3: 5.3
debian
около 6 лет назад
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulner ...
CVSS3: 5.3
github
около 6 лет назад
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
EPSS
Процентиль: 65%
0.00488
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-611