2 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658. Todas las versiones de com.puppycrawl.tools:checkstyle anteriores a 8.29, son vulnerables a una inyección XML External Entity (XXE) debido a una corrección incompleta para el CVE-2019-9658. • https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/02/msg00008.html https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

Checkstyle before 8.18 loads external DTDs by default. Checkstyle, en versiones anteriores a la 8.18, carga DTD externas por defecto. • https://checkstyle.org/releasenotes.html#Release_8.18 https://github.com/checkstyle/checkstyle/issues/6474 https://github.com/checkstyle/checkstyle/issues/6478 https://github.com/checkstyle/checkstyle/pull/6476 https://lists.apache.org/thread.html/6bf8bbbca826e883f09ba40bc0d319350e1d6d4cf4df7c9e399b2699%40%3Ccommits.fluo.apache.org%3E https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9%40%3Cserver-dev.james.apache.org%3E https://lists.apache.org/thread.html/994221405e940e148adcfd9cb24ffc6700bed70c7820c55a22559d26 • CWE-611: Improper Restriction of XML External Entity Reference •