[MAVEN:GHSA-MW3R-PFMG-XP92] Improper Restriction of Recursive Entity References in Apache XMLBeans
Severity
Critical
Affected Packages
1
Fixed Packages
1
CVEs
1
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.xmlbeans/xmlbeans
|
< 3.0.0 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.xmlbeans/xmlbeans
|
= 3.0.0 |
- ID
- MAVEN:GHSA-MW3R-PFMG-XP92
- Severity
- critical
- URL
- https://github.com/advisories/GHSA-mw3r-pfmg-xp92
- Published
-
2021-06-16T17:37:11
(3 years ago) - Modified
-
2023-01-27T05:02:27
(20 months ago) - Rights
- Maven Security Team
- Other Advisories
SUSE-SU-2022:3875-1| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |