EUVD-2022-4455

Malicious code in bioql PyPI...

ar.com.fdvs:DynamicJasper (>=4.0.4 <=5.0.8), br.com.prixma:vraptor-jasperreport (>=1.0.0 <=4.1.1) +379 more potentially affected by CVE-2014-3004 via org.codehaus.castor:castor (>=1.0.5 <=1.2)

org.codehaus.castor:castor MAVEN version =1.0.5, =4.0.4, =1.0.0, =1.6, =1.0, =1.0.14, =1.0.14, =1.0.14, =1.0.33, =1.0.14, =1.0.14, =1.0.33, =1.0.33, =1.0.33, =1.0.14, =1.0.37 and more Source cves: CVE-2014-3004 Source advisory: OSV:GHSA-JWWR-FJGH-CV2X...

com.amazonaws.s3:jets3t (=0.5.0), com.cloudbees.cd.plugins.specs:com.cloudbees.cd.plugins.specs.gradle.plugin (>=1.1.10.11 <=1.1.10.29) +143 more potentially affected by CVE-2014-3004 via castor:castor (>=0.9.4 <=1.0)

castor:castor MAVEN version =0.9.4, =1.1.10.11, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.1.1 - geronimo:j2ee-security =1.0 - geronimo:javamail =1.0 - geronimo:jetty =1.0 and more Source cves: CVE-2014-3004 Source advisory: OSV:GHSA-JWWR-FJGH-CV2X...

Improper Restriction of XML External Entity Reference in Castor

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

Security Bulletin: Castor Vulnerability Affects IBM Control Center (CVE-2014-3004)

Summary Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when processing XML data. Vulnerability Details CVEID: CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information...