2 matches found
XML External Entity (XXE)
detekt-core is vulnerable to XML external entity (XXE) attacks. The vulnerability exists in the read function in BaselineFormat.kt due to improper validation, which allows an attacker to submit a malicious XML document...
com.github.ozsie:detekt-maven-plugin (>=1.0.0 <=1.19.1), de.manuzid:static-code-review-plugin (>=1.0.0 <=1.1.0) +10 more potentially affected by CVE-2022-0272 via io.gitlab.arturbosch.detekt:detekt-core (>=1.0.0-RC10 <=1.20.0-RC2)
io.gitlab.arturbosch.detekt:detekt-core MAVEN version =1.0.0-RC10, =1.0.0, =1.0.0, =0.9.4, =0.9.6, =0.3.0, =0.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-gradle-rework-beta1, =2.2.0, =2.6.0 Source cves: CVE-2022-0272 Source advisory: OSV:GHSA-2CFC-865J-GM4W...