CVE-2022-0839

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-0839
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0839.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0839
Aliases
Downstream
Published
2022-03-04T14:25:10Z
Modified
2026-04-10T04:42:55.839869Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Improper Restriction of XML External Entity Reference in liquibase/liquibase
Details

Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.

Database specific 
{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-611"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0839.json"
}
References

Affected packages

Git / github.com/liquibase/liquibase

Affected ranges

Type
GIT
Repo
https://github.com/liquibase/liquibase
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
887e4418b79087b0e57304423dc5e9ebed0c99d8

Affected versions

lbase-datical-1.*
lbase-datical-1.0-root
liquibase-parent-2.*
liquibase-parent-2.0.2
liquibase-parent-2.0.3
liquibase-parent-3.*
liquibase-parent-3.0.0
liquibase-parent-3.0.0-beta1
liquibase-parent-3.0.0-beta2
liquibase-parent-3.0.0-rc1
liquibase-parent-3.0.0-rc2
liquibase-parent-3.1.0
liquibase-parent-3.2.0
v4.*
v4.0.0
v4.0.0-beta1
v4.0.0-beta2
v4.1.1
v4.2.0
v4.3.0
v4.3.1
v4.3.2
v4.5.0
v4.6.0
v4.6.1
v4.7.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0839.json"