3 matches found
XML External Entity (XXE)
liquibase-core is vulnerable to XML external entity attacks. The XMLChangeLogSAXParser function of XMLChangeLogSAXParser.java does not disable access to external entities by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server...
africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +2247 more potentially affected by CVE-2022-0839 via org.liquibase:liquibase-core (>=1.3.3 <=4.7.1)
org.liquibase:liquibase-core MAVEN version =1.3.3, =1.0.0, =1.0.0, =0.2.0, =2.0.1, =2.0, =0.1, =3.6.0, =3.3.0, =1.0.0, =1.0.0, =1.0.10 - be.yildiz-games:feature-city-server =1.0.0 - be.yildiz-games:feature-entity-server =1.0.0 - be.yildiz-games:feature-message-server =1.0.0 -...
Cross-Site Scripting (XSS)
liquibase-core is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because it bundles a vulnerable version of jQuery in liquibase-core/src/main/resources/liquibase/sdk/watch/js/jquery-1.11.0.min.js. This vulnerability is related to SID-6097...