GHSA-wcp5-m52f-mhh5

Source

https://github.com/advisories/GHSA-wcp5-m52f-mhh5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-wcp5-m52f-mhh5/GHSA-wcp5-m52f-mhh5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wcp5-m52f-mhh5

Aliases

CVE-2020-25020

Published

2021-05-07T15:54:36Z

Modified

2023-11-08T04:03:09.238619Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper Restriction of XML External Entity Reference in MPXJ

Details

"MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components."

Database specific

{
    "github_reviewed_at": "2021-05-05T19:48:23Z",
    "github_reviewed": true,
    "nvd_published_at": "2020-08-29T19:15:00Z",
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "CRITICAL"
}

References

Affected packages

Maven / net.sf.mpxj:mpxj

Package

Name: net.sf.mpxj:mpxj; View open source insights on deps.dev
Purl: pkg:maven/net.sf.mpxj/mpxj

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.4

Affected versions

4.*

4.7.1

4.7.2

4.7.3

4.7.4

4.7.5

4.7.6

5.*

5.0.0

5.1.0

5.1.4

5.1.9

5.1.10

5.1.11

5.1.12

5.1.13

5.1.15

5.1.16

5.1.17

5.1.18

5.2.0

5.2.1

5.2.2

5.3.0

5.3.1

5.3.2

5.3.3

5.4.0

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.6.0

5.6.1

5.6.2

5.6.3

5.6.4

5.6.5

5.7.0

5.7.1

5.8.0

5.9.0

5.10.0

5.11.0

5.12.0

5.13.0

5.14.0

6.*

6.0.0

6.1.0

6.1.2

6.2.0

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.1.0

7.2.0

7.2.1

7.3.0

7.4.0

7.4.1

7.4.2

7.4.3

7.4.4

7.5.0

7.6.0

7.6.1

7.6.2

7.6.3

7.7.0

7.7.1

7.8.0

7.8.1

7.8.2

7.8.3

7.8.4

7.9.0

7.9.1

7.9.2

7.9.3

7.9.4

7.9.5

7.9.7

7.9.8

8.*

8.0.0

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.0.7

8.0.8

8.1.0

8.1.1

8.1.2

8.1.3