ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.
CPE | Name | Operator | Version |
---|---|---|---|
io.github.classgraph:classgraph | lt | 4.8.112 |
docs.r3.com/en/platform/corda/4.8/enterprise/release-notes-enterprise.html
github.com/advisories/GHSA-v2xm-76pq-phcf
github.com/classgraph/classgraph/commit/681362ad6b0b9d9abaffb2e07099ce54d7a41fa3
github.com/classgraph/classgraph/pull/539
github.com/classgraph/classgraph/releases/tag/classgraph-4.8.112
nvd.nist.gov/vuln/detail/CVE-2021-47621