5 matches found
CVE-2022-0272
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0...
com.github.ozsie:detekt-maven-plugin (>=1.0.0 <=1.19.1), de.manuzid:static-code-review-plugin (>=1.0.0 <=1.1.0) +10 more potentially affected by CVE-2022-0272 via io.gitlab.arturbosch.detekt:detekt-core (>=1.0.0-RC10 <=1.20.0-RC2)
io.gitlab.arturbosch.detekt:detekt-core MAVEN version =1.0.0-RC10, =1.0.0, =1.0.0, =0.9.4, =0.9.6, =0.3.0, =0.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-gradle-rework-beta1, =2.2.0, =2.6.0 Source cves: CVE-2022-0272 Source advisory: OSV:GHSA-2CFC-865J-GM4W...
CVE-2022-0272
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0...
CVE-2022-0272 Improper Restriction of XML External Entity Reference in detekt/detekt
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0...
CVE-2022-0272
CVE-2022-0272 concerns the Kotlin static analysis tool detekt. Multiple connected sources confirm an XML External Entity (XXE) restriction flaw in detekt/detekt prior to 1.20.0, attributed to the XML processing path (e.g., the read function in BaselineFormat.kt). Impact details in the sources ali...