8 matches found
EUVD-2024-1382
Malicious code in bioql PyPI...
CVE-2024-34345
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1...
CycloneDX JavaScript Library 代码问题漏洞
The CycloneDX JavaScript Library is a core feature of the CycloneDX SBOM Standard open source OWASP CycloneDX for JavaScript written in TypeScript. A code issue vulnerability exists in CycloneDX JavaScript Library versions prior to 6.7.1 that stems from XML external entity injection when running...
CVE-2024-34345
CVE-2024-34345 affects the CycloneDX JavaScript library (cyclonedx-library) core functionality. The vulnerability arises from XML External Entity (XXE) injections when using the provided XML Validator on arbitrary input in version 6.7.0; it was fixed in 6.7.1. Affected component/file is the XML v...
CVE-2024-34345 @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1...
CVE-2024-34345 @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1...
CVE-2024-34345
creationtimestamp| type| source ---|---|--- 2024-05-08 15:13:47+00:00| published-proof-of-concept| https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7...
PT-2024-25802 · Unknown · Cyclonedx Javascript Library
Name of the Vulnerable Software and Affected Versions: CycloneDX JavaScript library version 6.7.0 Description: The CycloneDX JavaScript library is vulnerable to XML External Entity XXE injections when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1. To...