CVE-2022-4245

CVSS v3.1 4.3 (Medium)

EPSS 0.07 % (30^th)

Affected Products 2

Advisories 1

NVD Status Modified

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

Weaknesses

CWE-611: Improper Restriction of XML External Entity Reference
CWE-91: XML Injection (aka Blind XPath Injection)

CVE Status: PUBLISHED
NVD Status: Modified
CNA: Red Hat, Inc.
Published Date: 2023-09-25 20:15:10
(11 months ago)
Updated Date: 2024-05-03 16:15:08
(4 months ago)

Affected Products

Codehaus-plexus Project

Codehaus-plexus

Redhat

Integration Camel K

Configuration #1

		CPE23	From	Up To
	Codehaus-plexus Project Codehaus-plexus prior 3.0.24 version	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus		< 3.0.24

Configuration #2

		CPE23	From	Up To
	Redhat Integration Camel K prior 1.10.1 version	cpe:2.3:a:redhat:integration_camel_k		< 1.10.1