16 matches found
EUVD-2024-2166
Malicious code in bioql PyPI...
CVE-2021-47621
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity XXE attacks...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to leaking sensitive information due to the ClassGraph package ( CVE-2021-47621 )
Summary ClassGraph is used by DataStage on Cloud Pak for Data as part of the path and module scanning functionality. Vulnerability Details CVEID:CVE-2021-47621 DESCRIPTION: ClassGraph could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.291 Vulnerability Details CVEID:CVE-2021-20293 DESCRIPTION: RESTEasy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit thi...
Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...
XML External Entity (XXE)
io.github.classgraph:classgraph is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of external entities during XML processing, which can result in XML External Entity XXE injection attacks that can expose sensitive data or execute malicious code...
ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity XXE attacks...
GHSA-V2XM-76PQ-PHCF ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity XXE attacks...
androidx.room:room-compiler-processing-testing (>=2.3.0 <=2.4.0-alpha04), au.com.dius.pact.provider:gradle (>=4.1.21 <=4.3.0-beta.6) +2871 more potentially affected by CVE-2021-47621 via io.github.classgraph:classgraph (>=4.0.3 <=4.8.110)
io.github.classgraph:classgraph MAVEN version =4.0.3, =2.3.0, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =4.1.21, =1.2.5.RELEASE, =1.2.5.RELEASE, =1.3.5.RELEASE, =1.3.7.RELEASE and more Source cves: CVE-2021-47621 Source advisory:...
CVE-2021-47621
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity XXE attacks...
CVE-2021-47621
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity XXE attacks...
CVE-2021-47621
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity XXE attacks...
ClassGraph Security Vulnerability
ClassGraph is a super-fast parallel class path scanner and module scanner from the ClassGraph open source. A security vulnerability exists in ClassGraph versions prior to 4.8.112 that stems from an inability to defend against XML External Entity XXE attacks...
CVE-2021-47621
CVE-2021-47621 is an XXE vulnerability in ClassGraph up to version 4.8.111, with the fix flighted at 4.8.112 and later. The issue arises because ClassGraph was not resistant to XML External Entity attacks, enabling an attacker to read arbitrary server files via specially crafted XML/POM inputs. P...
CVE-2021-47621
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity XXE attacks...
PT-2024-11501 · Unknown · Classgraph
Name of the Vulnerable Software and Affected Versions: ClassGraph versions prior to 4.8.112 Description: The issue concerns the susceptibility of ClassGraph to XML eXternal Entity XXE attacks. This means that an attacker could potentially exploit the software by injecting malicious XML code,...