CVE-2025-64134

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-64134

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64134.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-64134

Aliases

GHSA-jfg6-4gx3-3v7w

Published

2025-10-29T14:15:57.613Z

Modified

2026-04-10T05:34:24.606434Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.

References

Affected packages

Git / github.com/jenkinsci/jdepend-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/jdepend-plugin

Events

Introduced

Last affected

f0633a0d05db1e45f819adcf895a9da74d404e9a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.1"
        }
    ]
}

Affected versions

jdepend-1.*

jdepend-1.2.4

jdepend-1.3.0

jdepend-1.3.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64134.json"