CVE-2022-0219

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-0219

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0219.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0219

Aliases

GHSA-r8j4-96mx-rjcc

Published

2022-01-20T16:30:11Z

Modified

2026-04-12T09:22:06.169876Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Improper Restriction of XML External Entity Reference in skylot/jadx

Details

Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2.

Database specific

{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-611"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0219.json"
}

References

Affected packages

Git / github.com/skylot/jadx

Affected ranges

Type: GIT
Repo: https://github.com/skylot/jadx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d22db30166e7cb369d72be41382bb63ac8b81c52

Affected versions

v0.*

v0.4

v0.4.1

v0.5.0

v0.5.0-beta1

v0.5.1

v0.5.2

v0.5.4

v0.6.0

v0.6.1

v0.7.1

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.3.0

v1.3.1

Database specific

vanir_signatures_modified

"2026-04-12T09:22:06Z"

vanir_signatures

[
    {
        "id": "CVE-2022-0219-8068fb76",
        "target": {
            "file": "jadx-core/src/main/java/jadx/core/export/ExportGradleProject.java",
            "function": "parseXml"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "111967505785515358053120589018294826064",
            "length": 314.0
        },
        "signature_type": "Function",
        "source": "https://github.com/skylot/jadx/commit/d22db30166e7cb369d72be41382bb63ac8b81c52",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2022-0219-a16b7385",
        "target": {
            "file": "jadx-core/src/main/java/jadx/core/export/ExportGradleProject.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "238307007904662738510864419942150207383",
                "6455927101431670997215791357604921002",
                "94942724947180590970763957443170937990",
                "139918223605211959075111408343059884948",
                "1614956592481855629349575543788449524",
                "30901683819665474001219384959750079016",
                "40628183873655653678627559513846861886",
                "260040978679080221248515427556700989614",
                "134988472244988795050339135715352714957",
                "261766663758014712314385155730110589911",
                "288115490171457610132037081983091891437",
                "118259125365512538388953970062722427189"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/skylot/jadx/commit/d22db30166e7cb369d72be41382bb63ac8b81c52",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0219.json"