CycloneDX JavaScript Library 代码问题漏洞

The CycloneDX JavaScript Library is a core feature of the CycloneDX SBOM Standard open source OWASP CycloneDX for JavaScript written in TypeScript. A code issue vulnerability exists in CycloneDX JavaScript Library versions prior to 6.7.1 that stems from XML external entity injection when running...

CVE-2024-34345

CVE-2024-34345 affects the CycloneDX JavaScript library (cyclonedx-library) core functionality. The vulnerability arises from XML External Entity (XXE) injections when using the provided XML Validator on arbitrary input in version 6.7.0; it was fixed in 6.7.1. Affected component/file is the XML v...

CVE-2024-34345 @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1...

CVE-2024-34345

creationtimestamp| type| source ---|---|--- 2024-05-08 15:13:47+00:00| published-proof-of-concept| https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7...