6 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-42445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML...
RHEL 6 : gradle (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gradle: Possible local text file exfiltration by XML External entity injection CVE-2023-42445 - gradle:...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update
Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
CVE-2023-42445
CVE-2023-42445 affects Gradle: XML External Entity (XXE) resolution was not disabled in some parsing paths, enabling potential exfiltration of local text files via XML parsing with an OOB-XXE scenario. Documents confirm Gradle now disables XML external entities for all use cases in Gradle 7.6.3 a...
CVE-2023-42445 Possible local file exfiltration by XML External entity injection
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack OOB-XXE, just parsing XML can lead to exfiltration of local tex...
CVE-2023-42445 Possible local file exfiltration by XML External entity injection
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack OOB-XXE, just parsing XML can lead to exfiltration of local tex...