Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2024/06/24 8:44 p.m.29 views

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML Extern...

7.5CVSS7AI score0.00589EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/03/22 5:15 p.m.24 views

CVE-2022-24774

CycloneDX BOM Repository Server is a bill of materials BOM repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability ...

8.1CVSS0.01394EPSS
Exploits0References3
OSV
OSV
added 2022/03/22 4:35 p.m.20 views

CVE-2022-24774 Improper Input Validation leading to Path Traversal in CycloneDX BOM Repository Server

CycloneDX BOM Repository Server is a bill of materials BOM repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability ...

7.1CVSS7.9AI score0.01394EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/03/22 4:35 p.m.31 views

CVE-2022-24774 Improper Input Validation leading to Path Traversal in CycloneDX BOM Repository Server

CycloneDX BOM Repository Server is a bill of materials BOM repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability ...

7.1CVSS8.2AI score0.01394EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/03/22 12:0 a.m.4 views

CycloneDX BOM Repository Server 路径遍历漏洞

CycloneDX BOM Repository Server is a BOM repository server. It is used to distribute CycloneDX BOMs. A path traversal vulnerability exists in CycloneDX BOM Repository Server versions prior to 2.0.1, which stems from incorrect input validation leading to path traversal issues. An attacker can use...

8.1CVSS7.9AI score0.01394EPSS
Exploits0References4
Rows per page
Query Builder