GHSA-6FVX-R7HX-3VH6 JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

XML External Entity (XXE)

javamelody-core is vulnerable to XML external entity attacks. This is due to enabled support for external entities and DTD in parseSoapMethodName function in bull/javamelody/PayloadNameRequestWrapper.java which allows for a remote attacker to perform such attacks...

Code injection

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

CVE-2018-15531

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

CVE-2018-15531

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

CVE-2018-15531

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java...

CVE-2018-15531

CVE-2018-15531 affects JavaMelody up to version 1.74.0, where parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java is vulnerable to XML External Entity (XXE) processing. The XXE flaw can enable an attacker to trigger external entity resolution, which may lead to exposure of sensi...