5 matches found
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML Extern...
CVE-2022-24774
CycloneDX BOM Repository Server is a bill of materials BOM repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability ...
CVE-2022-24774 Improper Input Validation leading to Path Traversal in CycloneDX BOM Repository Server
CycloneDX BOM Repository Server is a bill of materials BOM repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability ...
CVE-2022-24774 Improper Input Validation leading to Path Traversal in CycloneDX BOM Repository Server
CycloneDX BOM Repository Server is a bill of materials BOM repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability ...
CycloneDX BOM Repository Server 路径遍历漏洞
CycloneDX BOM Repository Server is a BOM repository server. It is used to distribute CycloneDX BOMs. A path traversal vulnerability exists in CycloneDX BOM Repository Server versions prior to 2.0.1, which stems from incorrect input validation leading to path traversal issues. An attacker can use...