br.com.digisan:digisan-java (>=1.0.7 <=1.0.10), com.adaptrex:adaptrex-complete (>=0.9.1 <=0.9.10) +810 more potentially affected by CVE-2014-3643 via com.sun.jersey:jersey-core (>=1.0 <=1.12-b01)

com.sun.jersey:jersey-core MAVEN version =1.0, =1.0.7, =0.9.1, =0.1.1, =0.9.1, =v0.27.12, =2.0.4, =1.0.2, =1.0.2, =1.0.1-3, =2.0, =2.0, =1.1.0.1, =1.1.0.1, =4.2.0, =4.2.0, =5.4.3 and more Source cves: CVE-2014-3643 Source advisory: SNYK:JAVA-COMSUNJERSEY-10441493...

br.com.digisan:digisan-java (>=1.0.7 <=1.0.10), com.adaptrex:adaptrex-complete (>=0.9.1 <=0.9.10) +810 more potentially affected by CVE-2014-3643 via com.sun.jersey:jersey-core (>=0.9-ea <=1.12-b01)

com.sun.jersey:jersey-core MAVEN version =0.9-ea, =1.0.7, =0.9.1, =0.1.1, =0.9.1, =v0.27.12, =2.0.4, =1.0.2, =1.0.2, =1.0.1-3, =2.0, =2.0, =1.1.0.1, =1.1.0.1, =4.2.0, =4.2.0, =5.4.3 and more Source cves: CVE-2014-3643 Source advisory: OSV:GHSA-5M48-VR54-VMH3...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the SAX parse. An attacker can access sensitive information by submitting XML input referencing external entities. Details XXE Injection is a type of attack against an application that parses XML...

XML External Entity (XXE)

jersey-core is vulnerable to XML external entity attacks. The external parameter entities were not disabled by the jersey SAX parser, allowing a remote attacker to exploit the vulnerability to read files accessible to the user running the application server, and potentially perform recursive enti...