Описание
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues via parsing XML files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | org.eclipse.jgit | Fix deferred | ||
| A-MQ Clients 2 | org.eclipse.jgit.http.apache | Fix deferred | ||
| Cryostat 3 | org.eclipse.jgit | Fix deferred | ||
| Cryostat 4 | org.eclipse.jgit | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | org.eclipse.jgit | Fix deferred | ||
| OpenShift Developer Tools and Services | jenkins-2-plugins | Fix deferred | ||
| Red Hat AMQ Broker 7 | org.eclipse.jgit | Fix deferred | ||
| Red Hat build of Apache Camel for Spring Boot 4 | org.eclipse.jgit | Fix deferred | ||
| Red Hat build of Apicurio Registry 2 | org.eclipse.jgit | Fix deferred | ||
| Red Hat build of Apicurio Registry 2 | org.eclipse.jgit.ssh.jsch | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4.8 Medium
CVSS3
Связанные уязвимости
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestP ...
EPSS
4.8 Medium
CVSS3