CVE-2022-0265

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0265

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0265.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0265

Aliases

GHSA-99wh-973f-779p

Published

2022-03-03T22:15:08Z

Modified

2025-10-21T06:44:16.855269Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.

References

Affected packages

Git / github.com/hazelcast/hazelcast

Affected ranges

Type: GIT
Repo: https://github.com/hazelcast/hazelcast
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4d6b666cd0291abd618c3b95cdbb51aa4208e748

Affected versions

v2.*

v2.0

v2.0.1

v2.0.2

v2.1

v2.1.1

v2.1.2

v2.1.3

v2.2

v2.3

v2.3.1

v2.4

v2.4.1

v2.5

v2.5.1

v2.6

v2.6.1

v3.*

v3.0

v3.0-RC1

v3.0.1

v3.0.2

v3.0.3

v3.1

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.2

v3.2-RC1

v3.2-RC2

v3.2.1

v3.2.2

v3.3-EA

v3.3-EA2

v3.5.1-stale

v3.6-BEFORE-SYNC

v3.6-WITH-SYNC

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-0265-2642dfe7",
        "target": {
            "file": "hazelcast/src/test/java/com/hazelcast/internal/util/XmlUtilTest.java"
        },
        "digest": {
            "line_hashes": [
                "143433457101903836927512141946668239481",
                "143264415324238305670178837955169805318",
                "16725839911482363078626755158018901137",
                "167568837272694373981240044143234758578",
                "162627443422246386933074437177688639266",
                "89420978300655439147569773729902678096",
                "108432983993056277199639922105407039249",
                "187217663427440579596979109580988874455",
                "210828925992132403172167186046560599897",
                "304519003485506692364558500753108877553",
                "243311464505544961109832353580438365578",
                "330704143963564327166046524418225690848",
                "232055742871079391335589366607765549222",
                "3300892109408280985899499035513070132",
                "211722072270930995880018981463032463151",
                "8666393019634348098563932705045831640",
                "94259220322393783486350873525304878746",
                "188628785271754465168981730603145294497",
                "261563595121120063255589214089368396286",
                "32112824637269519312693856963860963291",
                "279514092887576377356579579095160175626",
                "10305371627295671447410905688487449213",
                "294065816120542552016361331618336758513",
                "224883430958328884474612833426651293041",
                "221700803402246357359922967260668069725"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-0265-4f67a2c4",
        "target": {
            "function": "testFormat",
            "file": "hazelcast/src/test/java/com/hazelcast/internal/util/XmlUtilTest.java"
        },
        "digest": {
            "length": 670.0,
            "function_hash": "31329638635561983277444704336829090436"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-0265-53ca4908",
        "target": {
            "file": "hazelcast/src/main/java/com/hazelcast/internal/util/XmlUtil.java"
        },
        "digest": {
            "line_hashes": [
                "220306376122909878290545890463207150049",
                "117784562842242237438695230959091139343",
                "220579301204531891317771964560861406868",
                "337520155802861371473594482624049477512",
                "63463406280238557925168035647013326919",
                "329441970767867480762527758387830386982",
                "142831076438357319071465596262650462747",
                "202595620253934734762534153472667983051",
                "333277114570787774830554264074054192466",
                "119015603005145960303127012455142395245",
                "276872027420449055927404173860716536824",
                "206822523581767359873618734236819014149",
                "260884238588112590148401424879064652930",
                "301325313767313766028878922385795300416",
                "147862378732155015145672196286595924835",
                "105434885011153617205883541969593204716",
                "158320137372969902981253741014061015879",
                "209536411554064145427843230982924609330",
                "49160438046922882106306091019743665603",
                "184372872687703135646277226319698554929",
                "67318536124873959666152776970167700142",
                "252709441073314681004192396797882881987",
                "130708333237305247180818811021398508395",
                "305400341993270473878297576181282580537",
                "46255479367281813885582551902325379467",
                "69872131647729648498740342522110906627",
                "330264224331142371069982749104619836671",
                "13572302740547741169591080473780113420",
                "81765898140504838130405693024232612316",
                "58311831032784347258877962639558066367",
                "194222082881883344836086910566573733364",
                "120907481636204902399851660549288455726",
                "164321817749517183047557533092938657223",
                "55713352223882213742385437457223263383",
                "284490138856594303489347214910005396100",
                "311520740758969638036823796316559793126",
                "283165919638995029536454027832274286804",
                "3898805155890640656314744022143351022",
                "242584968458108502381487566249729047429",
                "184312112595134381288443269912059421736",
                "187030036183416927199236238024604434455",
                "283191374050092454008708414442623805600",
                "333127000008848072318115593335175965204",
                "43231089267410063828894616756594778128",
                "145988128837074364503949629303925225687",
                "270466655136037174806558862928944011747",
                "89155216758844374342967769374608097803",
                "236475231317952517215307892752730311084",
                "202953112843188937063638618963593920600",
                "191150049184719174918849761168383374645",
                "332622403933779218529695953005004151760",
                "63873733299292816805921404082760710388",
                "221156733725182370271127501702424198388",
                "40005257822710126676980476113207635896",
                "297803000527143455336927564081397057250",
                "276910592699050031514106368425317721879",
                "3596533831213525709717686388942572730",
                "323117765289286585466763923886059203390",
                "193349627412214981906858261919701388645",
                "270586406130689403390240750370466164197",
                "311974197425857756693056719311950889045",
                "145988128837074364503949629303925225687",
                "270466655136037174806558862928944011747",
                "89155216758844374342967769374608097803",
                "236475231317952517215307892752730311084",
                "202953112843188937063638618963593920600",
                "198591619371764361500426480160714106662"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-0265-93267f89",
        "target": {
            "function": "getNsAwareDocumentBuilderFactory",
            "file": "hazelcast/src/main/java/com/hazelcast/internal/util/XmlUtil.java"
        },
        "digest": {
            "length": 208.0,
            "function_hash": "203879290092569252727850168843544565607"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-0265-bf721e96",
        "target": {
            "function": "setFeature",
            "file": "hazelcast/src/main/java/com/hazelcast/internal/util/XmlUtil.java"
        },
        "digest": {
            "length": 1112.0,
            "function_hash": "67084741499527725987311041754231112138"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-0265-c58ad94d",
        "target": {
            "function": "AbstractXmlConfigRootTagRecognizer",
            "file": "hazelcast/src/main/java/com/hazelcast/internal/config/AbstractXmlConfigRootTagRecognizer.java"
        },
        "digest": {
            "length": 136.0,
            "function_hash": "169588457770676729328190780709580221688"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-0265-e353527f",
        "target": {
            "function": "setProperty",
            "file": "hazelcast/src/main/java/com/hazelcast/internal/util/XmlUtil.java"
        },
        "digest": {
            "length": 1062.0,
            "function_hash": "335483197027637464166438627203320202192"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2022-0265-f13aef70",
        "target": {
            "file": "hazelcast/src/main/java/com/hazelcast/internal/config/AbstractXmlConfigRootTagRecognizer.java"
        },
        "digest": {
            "line_hashes": [
                "314100040060982325413919065280271982094",
                "36506085335580643303169383225759221632",
                "227126087028363813535240516501849537971",
                "61414114981765105736716758069389125283",
                "281778869838324119408680061279537249635",
                "296126765186712315638633324885740923082",
                "124711172282621550506864786399686753046"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2022-0265-fb6eec17",
        "target": {
            "function": "setAttribute",
            "file": "hazelcast/src/main/java/com/hazelcast/internal/util/XmlUtil.java"
        },
        "digest": {
            "length": 1072.0,
            "function_hash": "282785996555952033729414433644411729325"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748",
        "signature_type": "Function"
    }
]