3 matches found
com.gitblit.fathom:fathom-integration-test (>=0.6.0 <=1.0.1), ro.pippo:pippo-demo-ajax (>=0.6.0 <=0.6.1) +15 more potentially affected by CVE-2019-5442 via ro.pippo:pippo-jaxb (>=0.6.0 <=1.0.0)
ro.pippo:pippo-jaxb (Maven), versions =0.6.0, =0.6.1 and more. Source CVEs: CVE-2019-5442. Source advisory: OSV:GHSA-HWCX-9P4J-7HWJ...
Central Security Project: Pippo XML Entity Expansion (Billion Laughs Attack)
Maven artifact: groupId: ro.pippo, artifactId: pippo-jaxb, version: 1.12.0. Vulnerability description: Pippo unsafely parses user-provided XML. The fromString in the ro.pippo.jaxb.JaxbEngine class allows user-provided DTDs that the rest of the XML may reference. This can lead to recursiv...
XML External Entity (XXE)
Pippo JAXB is vulnerable to XML external entity (XXE) attacks. The XML parser does not disable the use of external Document Type Definitions (DTDs), allowing a remote attacker to perform XXE attacks via a crafted XML file...