Описание
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.
Ссылки
EPSS
Процентиль: 24%
0.00079
Низкий
8.1 High
CVSS3
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 8.1
github
больше 1 года назад
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
EPSS
Процентиль: 24%
0.00079
Низкий
8.1 High
CVSS3
Дефекты
CWE-611