Lucene search
GoogleOSV:GHSA-57QJ-79GH-69W8HistoryMay 14, 2022 - 1:33 a.m.
Improper Restriction of XML External Entity Reference in PMD
2022-05-1401:33:06
Google
osv.dev
11
pmd
xml external entity
information disclosure
denial of service
request forgery
software
EPSS
0.002
Percentile
54.2%
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)
Related
osv
osv
CVE-2019-7722
2019-02-11 14:29:00
cvelist
cvelist
CVE-2019-7722
2019-02-11 14:00:00
veracode
veracode
XML External Entity (XXE)
2019-02-12 05:47:22
github
github
Improper Restriction of XML External Entity Reference in PMD
2022-05-14 01:33:06
cve
cve
CVE-2019-7722
2019-02-11 14:29:00
prion
prion
Server side request forgery (ssrf)
2019-02-11 14:29:00
nvd
nvd
CVE-2019-7722
2019-02-11 14:29:00