2 matches found
CVE-2019-7722
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it either by direct modification or MITM attacks when using remote rulesets to perform information disclosure, denial of service, or request forgery...
CVE-2019-7722
PMD 5.8.1 and earlier is vulnerable to XML External Entity (XXE) processing in ruleset files parsed during analysis. The underlying issue is the handling of XML external entities, which attackers can exploit by tampering with the ruleset (direct modification or via MITM when remote rulesets are u...