
7 matches found

OSV
added 2025/11/28 6:32 a.m. | 2 views

GHSA-X832-FPVJ-R5PH Mustangproject allows exfiltrating files via XXE attacks

Mustang before 2.16.3 allows exfiltrating files via XXE attacks...

CVSS: 2.8 | AI score: 5.8 | EPSS: 0.00011
Exploits: 0 | References: 6

Github Security Blog
added 2025/11/28 6:32 a.m. | 6 views

Mustangproject allows exfiltrating files via XXE attacks

Mustang before 2.16.3 allows exfiltrating files via XXE attacks...

CVSS: 2.8 | AI score: 7 | EPSS: 0.00011
Exploits: 0 | References: 6 | Affected Software: 2

vulnersOsv
added 2025/11/28 6:32 a.m. | 3 views

net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-jvm (>=0.6.0 <=0.7.3) potentially affected by CVE-2025-66372 via org.mustangproject:validator (>=2.14.2 <=2.15.1)

org.mustangproject:validator MAVEN version =2.14.2, =0.5.0, =0.6.0, =0.7.3 Source cves: CVE-2025-66372 Source advisory: OSV:GHSA-X832-FPVJ-R5PH...

CVSS: 2.8 | AI score: 5.8 | EPSS: 0.00011
Exploits: 0

Snyk
added 2025/11/28 4:41 a.m. | 3 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process. An attacker can access sensitive files by submitting specially crafted XML data containing external entities. Details: XXE Injection is a type of attack against an applicatio...

CVSS: 2.8 | AI score: 7.4 | EPSS: 0.00011
Exploits: 0 | References: 2

vulnersOsv
added 2025/11/28 4:41 a.m. | 3 views

net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-jvm (>=0.6.0 <=0.7.3) potentially affected by CVE-2025-66372 via org.mustangproject:validator (>=2.14.2 <=2.15.1)

org.mustangproject:validator MAVEN version =2.14.2, =0.5.0, =0.6.0, =0.7.3 Source cves: CVE-2025-66372 Source advisory: SNYK:JAVA-ORGMUSTANGPROJECT-14147556...

CVSS: 2.8 | AI score: 5.8 | EPSS: 0.00011
Exploits: 0

vulnersOsv
added 2025/11/28 4:41 a.m. | 2 views

net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-domain-android (>=0.6.0 <=0.8.0) +2 more potentially affected by CVE-2025-66372 via org.mustangproject:library (>=2.0.0 <=2.16.2)

org.mustangproject:library MAVEN version =2.0.0, =0.5.0, =0.6.0, =0.6.0, =2.0.0, =2.16.2 Source cves: CVE-2025-66372 Source advisory: SNYK:JAVA-ORGMUSTANGPROJECT-14147555...

CVSS: 2.8 | AI score: 5.8 | EPSS: 0.00011
Exploits: 0

CNNVD
added 2025/11/28 12:0 a.m. | 2 views

Mustangproject code issue vulnerability

Mustangproject is an invoice library, validator, and tooling software open-sourced by the ZUGFeRD Community. A code issue vulnerability exists in Mustangproject versions prior to 2.16.3 that stems from allowing file theft via XXE attacks...

CVSS: 2.8 | AI score: 6.7 | EPSS: 0.00011
Exploits: 0 | References: 4