GHSA-57qj-79gh-69w8

Source

https://github.com/advisories/GHSA-57qj-79gh-69w8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-57qj-79gh-69w8/GHSA-57qj-79gh-69w8.json

Aliases

CVE-2019-7722

Published

2022-05-14T01:33:06Z

Modified

2023-11-08T04:01:39.222625Z

Details

PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)

References

Affected packages

Maven / net.sourceforge.pmd:pmd-core

Package

Name: net.sourceforge.pmd:pmd-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

6.0.0

Affected versions

5.*

5.2.0

5.2.1

5.2.2

5.2.3

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.6.0

5.6.1

5.7.0

5.8.0

5.8.1

Database specific

{
    "last_known_affected_version_range": "<= 5.8.1"
}