2 matches found
org.powertac:accounting (>=0.1.0 <=1.9.0), org.powertac:auctioneer (>=0.1.0 <=1.9.0) +13 more potentially affected by CVE-2024-51135 via org.powertac:server-interface (>=0.1.0 <=1.9.0)
org.powertac:server-interface MAVEN version =0.1.0, =0.1.0, =0.1.0, =1.1.0, =1.1.0, =0.1.0, =0.1.0, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =1.3.1, =0.5.0, =0.1.0, =0.5.0, =1.4.1, =1.9.0 Source cves: CVE-2024-51135 Source advisory: OSV:GHSA-PGRC-8WP5-5MVQ...
CVE-2024-51135
An XML External Entity XXE vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...