46 matches found
Xxe
In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...
CVE-2019-9843
DiffPlug Spotless is affected by an XML External Entity (XXE) issue in the library and Maven plugin prior to 1.20.0 and in the Gradle plugin prior to 3.20.0. The XML parser resolves external entities over HTTP/HTTPS and ignores resolveExternalEntities, enabling potential disclosure of local files...
CVE-2019-9843
In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...
Unsafe Dependency Resolution
Overview com.diffplug.gradle.spotless:spotless-eclipse-groovy is a code formatting library. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a malicious...
Unsafe Dependency Resolution
Overview com.diffplug.spotless:spotless-eclipse-wtp is a code formatting library. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a malicious user could...
Unsafe Dependency Resolution
Overview com.diffplug.gradle.spotless:spotless-eclipse-cdt is a code formatting library. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a malicious use...