Description
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | codehaus-plexus | Will not fix | ||
| Red Hat AMQ Broker 7 | codehaus-plexus | Will not fix | ||
| Red Hat A-MQ Online | codehaus-plexus | Not affected | ||
| Red Hat build of Apache Camel for Spring Boot 3 | codehaus-plexus | Fix deferred | ||
| Red Hat build of Apicurio Registry 2 | codehaus-plexus | Affected | ||
| Red Hat build of Debezium 1 | codehaus-plexus | Will not fix | ||
| Red Hat build of Quarkus | codehaus-plexus | Affected | ||
| Red Hat Data Grid 8 | codehaus-plexus | Will not fix | ||
| Red Hat Decision Manager 7 | codehaus-plexus | Out of support scope | ||
| Red Hat Enterprise Linux 7 | plexus-utils | Out of support scope | ||
Additional information
Status:
4.3 Medium
CVSS3
Related vulnerabilities
A vulnerability in the codehaus-plexus library of the Apache Maven framework is related to improper restriction of XML external entity references and allows an attacker to execute arbitrary code.
4.3 Medium
CVSS3