GHSA-x832-fpvj-r5ph

Source

https://github.com/advisories/GHSA-x832-fpvj-r5ph

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-x832-fpvj-r5ph/GHSA-x832-fpvj-r5ph.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-x832-fpvj-r5ph

Aliases

CVE-2025-66372

Published

2025-11-28T06:32:06Z

Modified

2025-12-01T21:12:55.742383Z

Severity

2.8 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

Mustangproject allows exfiltrating files via XXE attacks

Details

Mustang before 2.16.3 allows exfiltrating files via XXE attacks.

Database specific

{
    "severity": "LOW",
    "nvd_published_at": "2025-11-28T04:16:01Z",
    "github_reviewed_at": "2025-12-01T20:46:20Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-611"
    ]
}

References

Affected packages

Maven / org.mustangproject:library

Package

Name: org.mustangproject:library; View open source insights on deps.dev
Purl: pkg:maven/org.mustangproject/library

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3

Affected versions

2.*

2.0.0-alpha3

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.1.1

2.2.0

2.2.1

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.6.0

2.6.1

2.6.2

2.7.0

2.7.1

2.7.2

2.7.3

2.8.0

2.9.0

2.10.0

2.11.0

2.12.0

2.13.0

2.14.0

2.14.1

2.14.2

2.15.0

2.15.1

2.15.2

2.16.0

2.16.1

2.16.2

Maven / org.mustangproject:validator