CVE-2019-10244

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10244
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10244.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10244
Published
2019-04-09T16:29:01.587Z
Modified
2026-04-10T04:13:45.862109Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.

References

Affected packages

Git / github.com/eclipse/kura

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/kura
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f9f969231892769a269876b23f19fa0e8173e3df
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.0"
        }
    ]
}

Affected versions

KURA_3.*
KURA_3.0.0_M1
KURA_3.1.0_M1
KURA_4.*
KURA_4.0.0_M1
KURA_4.0.0_RELEASE

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10244.json"