4 matches found
GO-2026-4356 Dragonfly Manager Job API Unauthenticated Access in d7y.io/dragonfly
EUVD-2022-45071
Malicious code in bioql PyPI...
CVE-2022-41967
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML when SNAPSHOT versions are being resolved...
CVE-2022-41967 Improper Restriction of XML External Entity Reference in Dragonfly
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML when SNAPSHOT versions are being resolved...