11 matches found
apache-ivy: XML External Entity vulnerability
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
apache-ivy: XML External Entity vulnerability
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
apache-ivy: XML External Entity vulnerability
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
Important: apache-ivy
Issue Overview: Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own...
com.lookout.jenkins:environment-script (=1.2.5), org.jenkins-ci.plugins:artifactory (>=2.12.0 <=2.12.1) +1 more potentially affected by CVE-2023-41938 via org.jenkins-ci.plugins:ivy (>=1.17 <=1.26)
org.jenkins-ci.plugins:ivy MAVEN version =1.17, =2.12.0, =0.6, =0.8 Source cves: CVE-2023-41938 Source advisory: OSV:GHSA-63VW-RPRV-4F8J...
SUSE CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +5778 more potentially affected by CVE-2022-46751 via org.apache.ivy:ivy (>=2.0.0-beta1 <=2.5.1)
org.apache.ivy:ivy MAVEN version =2.0.0-beta1, =1.3, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2022-46751 Source advisory: OSV:GHSA-2JC4-R94C-RP7H...
GHSA-2JC4-R94C-RP7H Apache Ivy External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +4273 more potentially affected by CVE-2022-37865 via org.apache.ivy:ivy (>=2.4.0 <=2.5.0)
org.apache.ivy:ivy MAVEN version =2.4.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =0.0.25, =0.0.25, =0.0.25, =0.0.25, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 and more Source cves: CVE-2022-37865 Source advisory: OSV:GHSA-94RR-4JR5-9H2P...
GHSA-94RR-4JR5-9H2P Apache Ivy does not verify target path when extracting the archive
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to version 2.5.1 doesn't verify the target path when extracting the...
Apache Ivy path traversal vulnerability
Apache Ivy is a deliverable package manager from the Apache Software Foundation (USA). A path traversal vulnerability exists in Apache Ivy versions prior to 2.5.1, which stems from the fact that artifacts may be stored outside of Ivy's local cache or repository, or can overwrite different artifacts within t...