CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.

• https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E
• https://lists.debian.org/debian-lts-announce/2020/02/msg00008.html
• https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266
• CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 5.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

Checkstyle before 8.18 loads external DTDs by default.

• https://checkstyle.org/releasenotes.html#Release_8.18
• https://github.com/checkstyle/checkstyle/issues/6474
• https://github.com/checkstyle/checkstyle/issues/6478
• https://github.com/checkstyle/checkstyle/pull/6476
• https://lists.apache.org/thread.html/6bf8bbbca826e883f09ba40bc0d319350e1d6d4cf4df7c9e399b2699%40%3Ccommits.fluo.apache.org%3E
• https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9%40%3Cserver-dev.james.apache.org%3E
• https://lists.apache.org/thread.html/994221405e940e148adcfd9cb24ffc6700bed70c7820c55a22559d26
• CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

• https://jenkins.io/security/advisory/2018-01-22
• CWE-611: Improper Restriction of XML External Entity Reference