GHSA-wcp5-m52f-mhh5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wcp5-m52f-mhh5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-wcp5-m52f-mhh5/GHSA-wcp5-m52f-mhh5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wcp5-m52f-mhh5
- Aliases
- Published
- 2021-05-07T15:54:36Z
- Modified
- 2023-11-08T04:03:09.238619Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Improper Restriction of XML External Entity Reference in MPXJ
- Details
-
"MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components."
- Database specific
{ "nvd_published_at": "2020-08-29T19:15:00Z", "severity": "CRITICAL", "github_reviewed_at": "2021-05-05T19:48:23Z", "github_reviewed": true, "cwe_ids": [ "CWE-611" ] }- References
Affected packages
Maven / net.sf.mpxj:mpxj
Package
- Name
- net.sf.mpxj:mpxj
- View open source insights on deps.dev
- Purl
- pkg:maven/net.sf.mpxj/mpxj
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.1.4
Affected versions
4.*
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
5.*
5.0.0
5.1.0
5.1.4
5.1.9
5.1.10
5.1.11
5.1.12
5.1.13
5.1.15
5.1.16
5.1.17
5.1.18
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.3.2
5.3.3
5.4.0
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
5.7.0
5.7.1
5.8.0
5.9.0
5.10.0
5.11.0
5.12.0
5.13.0
5.14.0
6.*
6.0.0
6.1.0
6.1.2
6.2.0
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.1.0
7.2.0
7.2.1
7.3.0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0
7.6.0
7.6.1
7.6.2
7.6.3
7.7.0
7.7.1
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.7
7.9.8
8.*
8.0.0
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.0.8
8.1.0
8.1.1
8.1.2
8.1.3