EUVD-2024-49633
Malicious code in bioql PyPI...
GHSA-7MJ5-HJJJ-8RGW http4k has a potential XXE (XML External Entity Injection) vulnerability
Summary: There is a potential XXE (XML External Entity Injection) vulnerability when http4k...
CVE-2024-8602
CVE-2024-8602 concerns XXE in XML parsing from PDFs via the default DocumentBuilder settings in taxstatement.jar. Connected data confirms affected software: taxstatement.jar versions 2.2.2 and 2.2.4. Root cause: DocumentBuilder configured to allow external entities, enabling an XML external entit...
CVE-2024-8602 XML External Entity Attack in the Software Library taxstatement.jar
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker...
Schweizerische Steuerkonferenz SSK eSteuerauszug security vulnerability
Schweizerische Steuerkonferenz SSK eSteuerauszug is an electronic tax statement standard from the Swiss team at the Schweizerische Steuerkonferenz SSK. A security vulnerability in Schweizerische Steuerkonferenz SSK eSteuerauszug, which stems from an improperly set default setting in DocumentBuilder, could...
PT-2024-39124 · Unknown · Taxstatement.Jar
Name of the Vulnerable Software and Affected Versions: taxstatement.jar version 2.2.2; taxstatement.jar version 2.2.4. Description: The default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack when reading XML from PDF codes. This could enable an attacker to deliver a...
SUSE CVE-2019-12400
In version 2.0.3 of Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
XML Parsing Vulnerability affecting JRuby users
The ActiveSupport XML parsing functionality supports multiple pluggable backends. One backend supported for JRuby users is ActiveSupport::XmlMiniJDOM which makes use of the javax.xml.parsers.DocumentBuilder class. In some JVM configurations the default settings of that class can allow an attacker...