15 matches found
A Bootiful Podcast: Cay Horstmaan, legendary Java professor, author, lecturer
Hi, Spring fans! In this installment, we talk to the legendary Java author, professor, and Java Champion Cay Horstmann, whom you might know from classics such as "Core Java." his web site And of course even the most cursory search will land you at his books... javaone java...
OESA-2026-1319 xmpcore security update
The XMP Library for Java is based on the C++ XMPCore library and the API is similar. Security Fixes: XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference,...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...
CVE-2025-64518
CVE-2025-64518 affects CycloneDX core (Java). From 2.1.0 up to but excluding 11.0.1, the XML Validator in cyclonedx-core-java was insecurely configured, enabling XML External Entity (XXE) injection. The issue is tied to incomplete mitigation that fixed parsing but not validation (GHSA-683x-4444-j...
CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...
GHSA-6FHJ-VR9J-G45R CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...
PT-2025-46213
Name of the Vulnerable Software and Affected Versions CycloneDX versions 2.1.0 through 11.0.1 Description The CycloneDX core module, used for creating, validating, and parsing SBOMs, contains a flaw due to an insecurely configured XML Validator. This allows for XML External Entity XXE injection...
CVE-2024-38374 Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
GHSA-683X-4444-JXH8 Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML Extern...
CVE-2024-38374
creationtimestamp| type| source ---|---|--- 2024-06-24 09:20:38+00:00| published-proof-of-concept| https://github.com/CycloneDX/cyclonedx-core-java/security/advisories/GHSA-683x-4444-jxh8...
PT-2024-27967
Name of the Vulnerable Software and Affected Versions cyclonedx-core-java versions prior to 9.0.4 Description The CycloneDX core module provides a model representation of SBOMs and utilities for creating, validating, and parsing them. Before deserializing CycloneDX Bill of Materials in XML format...
PT-2022-8867 · Radare2 +1 · Radare2 +1
Name of the Vulnerable Software and Affected Versions: radare2 affected versions not specified Description: A flaw was found in radare2 due to a mismatched array length in core java.c, which could allow an attacker to cause a crash and perform a denial of service attack. Recommendations: At the...