2 matches found
org.apache.juddi.client.plugins:juddi-client-plugins (>=3.2.1 <=3.3.4), org.apache.juddi.client.plugins:juddi-ddl-generator (>=3.2.1 <=3.3.4) +28 more potentially affected by CVE-2018-1307 via org.apache.juddi:juddi-client (>=3.2.0 <=3.3.4)
org.apache.juddi:juddi-client MAVEN version =3.2.0, =3.2.1, =3.2.1, =3.2.1, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.3.0, =3.2.0, =3.3.10 and more Source cves: CVE-2018-1307 Source advisory: OSV:GHSA-P99P-726H-C8V5...
CVE-2018-1307
CVE-2018-1307 affects Apache jUDDI 3.2–3.3.4, where WADL2Java/WSDL2Java parsers expose inadequate protections against XML External Entity expansion and DTD-type attacks. The practical consequence is exposure to XXE-type vulnerabilities when processing local/remote XML into UDDI structures. The mi...