Описание
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml. ...
Уязвимость библиотеки codehaus-plexus фреймворка Apache Maven, связана с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю выполнить произвольный код
EPSS
4.3 Medium
CVSS3