GHSA-p99p-726h-c8v5

Source

https://github.com/advisories/GHSA-p99p-726h-c8v5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-p99p-726h-c8v5/GHSA-p99p-726h-c8v5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p99p-726h-c8v5

Aliases

CVE-2018-1307

Published

2018-10-19T16:42:15Z

Modified

2023-11-08T03:59:52.339177Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Apache juddi-client vulnerable to XML External Entity (XXE)

Details

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:48:42Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-611"
    ]
}

References

Affected packages

Maven / org.apache.juddi:juddi-client

Package

Name: org.apache.juddi:juddi-client; View open source insights on deps.dev
Purl: pkg:maven/org.apache.juddi/juddi-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2

Fixed

3.3.5

Affected versions

3.*

3.2.0

3.2.1

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4