Описание
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.
A flaw was found in Liquiibase's XMLChangeLogSAXParser() function. It uses SAXParser with no FEATURE_SECURE_PROCESSING set, which could possibly allow XML External Entity (XXE) attacks.
Отчет
The impact to Satellite up to 6.11 is very low, as it does not use custom or external XSD in Candlepin's liquibase changelog files. Satellite 6.12 and later versions are not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Operations Network 3 | liquibase | Out of support scope | ||
| Red Hat Satellite 6 | liquibase | Will not fix | ||
| Red Hat Single Sign-On 7 | Fixed | RHEA-2022:5463 | 30.06.2022 | |
| Red Hat Single Sign-On 7.6 for RHEL 7 | rh-sso7 | Fixed | RHBA-2022:5452 | 30.06.2022 |
| Red Hat Single Sign-On 7.6 for RHEL 7 | rh-sso7-javapackages-tools | Fixed | RHBA-2022:5452 | 30.06.2022 |
| Red Hat Single Sign-On 7.6 for RHEL 7 | rh-sso7-keycloak | Fixed | RHBA-2022:5452 | 30.06.2022 |
| Red Hat Single Sign-On 7.6 for RHEL 8 | rh-sso7 | Fixed | RHBA-2022:5454 | 30.06.2022 |
| Red Hat Single Sign-On 7.6 for RHEL 8 | rh-sso7-javapackages-tools | Fixed | RHBA-2022:5454 | 30.06.2022 |
| Red Hat Single Sign-On 7.6 for RHEL 8 | rh-sso7-keycloak | Fixed | RHBA-2022:5454 | 30.06.2022 |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=2081484liquibase: Improper Restriction of XML External Entity
EPSS
Процентиль: 28%
0.00101
Низкий
7.3 High
CVSS3
Связанные уязвимости
CVSS3: 9.8
nvd
почти 4 года назад
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.
CVSS3: 9.8
github
почти 4 года назад
Improper Restriction of XML External Entity Reference in Liquibase
EPSS
Процентиль: 28%
0.00101
Низкий
7.3 High
CVSS3