2 matches found
CVE-2024-38374 vulnerabilities
Vulnerabilities for packages: dependency-track...
CVE-2024-38374
CVE-2024-38374 affects CycloneDX core (cyclonedx-core-java): before deserializing XML BOMs, an insecurely configured DocumentBuilderFactory used in XPath evaluation allowed XXE injection. The issue was fixed in cyclonedx-core-java 9.0.4; later notes indicate the XML Validator path was also affect...