Описание
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
Отчет
No Red Hat products use the vulnerable code affected by this flaw. However, Red Hat Fuse 7 does provide it in its offline maven repository, and as such is affected at a low impact. This may be resolved in a future release.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | checkstyle | Fix deferred |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulner ...
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))
5.3 Medium
CVSS3