CVE-2019-7722

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-7722
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7722.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-7722
Aliases
Published
2019-02-11T14:29:00Z
Modified
2025-01-14T08:06:53.666170Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

PMD 5.8.1 and earlier processes XML external entities in the ruleset files it parses as part of the analysis process, allowing attackers who tamper with a ruleset (either by direct modification or through MITM attacks when remote rulesets are used) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)

References

Affected packages

Git / github.com/pmd/pmd

Affected ranges

Type
GIT
Repo
https://github.com/pmd/pmd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

pmd-build/0.*

pmd-build/0.7
pmd-build/0.8
pmd-build/0.9

pmd_releases/5.*

pmd_releases/5.1.0
pmd_releases/5.1.1
pmd_releases/5.1.2
pmd_releases/5.1.3
pmd_releases/5.2.0
pmd_releases/5.2.1
pmd_releases/5.2.2
pmd_releases/5.2.3
pmd_releases/5.3.0
pmd_releases/5.3.1
pmd_releases/5.3.2
pmd_releases/5.3.3
pmd_releases/5.3.4
pmd_releases/5.3.5
pmd_releases/5.3.6
pmd_releases/5.3.7
pmd_releases/5.3.8
pmd_releases/5.4.0
pmd_releases/5.4.1
pmd_releases/5.4.2
pmd_releases/5.4.3
pmd_releases/5.4.4
pmd_releases/5.4.5
pmd_releases/5.4.6
pmd_releases/5.5.0
pmd_releases/5.5.1
pmd_releases/5.5.2
pmd_releases/5.5.3
pmd_releases/5.5.4
pmd_releases/5.5.5
pmd_releases/5.5.6
pmd_releases/5.5.7
pmd_releases/5.6.0
pmd_releases/5.6.1
pmd_releases/5.7.0
pmd_releases/5.8.0
pmd_releases/5.8.1