PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/pmd/pmd/issues/1650 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-02-11T14:00:00
Updated: 2024-08-04T20:54:28.325Z
Reserved: 2019-02-11T00:00:00
Link: CVE-2019-7722
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-02-11T14:29:00.217
Modified: 2024-11-21T04:48:34.903
Link: CVE-2019-7722
Redhat
No data.