au.com.versent.jenkins.plugins:ignore-committer-strategy (=29.v7c3891a_434c3), ch.admin.bit.jeap:jeap-message-contract-domain (>=3.26.0 <=3.33.0) +711 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (>=6.0.0.202111291000-r <=6.10.0.202406032230-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =6.0.0.202111291000-r, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =8.15.0, =8.15.0, =1.5.0, =1.15.2 - com.a65apps.changelog:com.a65apps.changelog.gradle.plugin =1.1.10 - com.a65apps.changelog:plugin =1.1.10 -...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the ManifestParser and AmazonS3 classes which use a SAXParser to parse XML files without properly configuring it to disable external entity processing. An attacker can access sensitive information o...

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), ch.admin.bit.jeap:jeap-initializer (>=2.6.0 <=3.0.0-alpha-springboot4) +223 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.0.0.202409031743-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.0.0.202409031743-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - au.com.versent.jenkins.plugins:ignore-committer-strategy =37.v0d3157c4aef8,...

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), ch.admin.bit.jeap:jeap-initializer (>=2.6.0 <=3.0.0-alpha-springboot4) +223 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.0.0.202409031743-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.0.0.202409031743-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - au.com.versent.jenkins.plugins:ignore-committer-strategy =37.v0d3157c4aef8,...

ai.pipestream:quarkus-grpc-gatherer-deployment (>=0.1.0 <=0.1.1), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=1.23.0) +181 more potentially affected by CVE-2025-4949 via org.eclipse.jgit:org.eclipse.jgit (=7.1.0.202411261347-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =7.1.0.202411261347-r is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.jgit:org.eclipse.jgit and may be impacted: - ai.pipestream:quarkus-grpc-gatherer-deployment =0.1.0, =1.10.0, =1.10.0,...

CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

DEBIAN-CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

UBUNTU-CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

CVE-2025-4949 XXE vulnerability in Eclipse JGit

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

CVE-2025-4949 XXE vulnerability in Eclipse JGit

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

CVE-2025-4949

CVE-2025-4949 is an XXE vulnerability in Eclipse JGit (ManifestParser used by repo and AmazonS3 transport). IBM documentation links this CVE to IBM WebMethods Integration (on prem) 11.1 with fixes in 11.1 Fix 2 and related 2.0.3 components; IBM security pages list a remediation path via updating ...

Eclipse JGit 代码问题漏洞

Eclipse JGit is an open source Java implementation of the Eclipse Foundation for handling the Git version control system. A security vulnerability exists in Eclipse JGit 7.2.0.202503040940-r and prior versions, which stems from an XML external entity attack when parsing XML files, which could lea...

PT-2025-22326

Name of the Vulnerable Software and Affected Versions Eclipse JGit versions 7.2.0.202503040940-r and older Description The ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol are vulnerable to XML External Entity...

Linux Distros Unpatched Vulnerability : CVE-2023-4759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git...

SUSE CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

Security Bulletin: Business Automation Manager Open Editions 8.0.5 - jgit vulnerability

Summary Business Automation Manager Open Editions in version 8.0.5 contains a vulnerability in jgit library, that is used as part of the release. For more information, please see the vulnerability description in the Vulnerability Details section. Vulnerability Details CVEID:CVE-2023-4759...

Security Bulletin: IBM InfoSphere Information Server is affected by a code execution vulnerability in Eclipse JGit (CVE-2023-4759)

Summary A code execution vulnerability in Eclipse JGit used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case insensitive...

OPENSUSE-SU-2024:13312-1 eclipse-jgit-5.11.0-9.1 on GA media

These are all security issues fixed in the eclipse-jgit-5.11.0-9.1 package on the GA media of openSUSE Tumbleweed...