GHSA-7jc7-g598-2p64

Source

https://github.com/advisories/GHSA-7jc7-g598-2p64

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-7jc7-g598-2p64/GHSA-7jc7-g598-2p64.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7jc7-g598-2p64

Aliases

CVE-2025-65482

Published

2026-01-20T18:31:57Z

Modified

2026-02-03T03:11:15.144305Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

XDocReport affected by an XML External Entity (XXE) vulnerability

Details

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.

Database specific

{
    "nvd_published_at": "2026-01-20T16:16:06Z",
    "cwe_ids": [
        "CWE-611"
    ],
    "github_reviewed_at": "2026-01-21T16:56:55Z",
    "severity": "CRITICAL",
    "github_reviewed": true
}

References

Affected packages

Maven / fr.opensagres.xdocreport:fr.opensagres.xdocreport.document

Package

Name: fr.opensagres.xdocreport:fr.opensagres.xdocreport.document; View open source insights on deps.dev
Purl: pkg:maven/fr.opensagres.xdocreport/fr.opensagres.xdocreport.document

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.9.2

Fixed

2.0.4

Affected versions

0.*

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

2.*

2.0.0

2.0.1

2.0.2

2.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-7jc7-g598-2p64/GHSA-7jc7-g598-2p64.json"