Lucene search
+L

46 matches found

prion
prion
added 2019/06/28 6:15 p.m.14 views

Xxe

In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...

5.1CVSS7.3AI score0.01499EPSS
Exploits0References5Affected Software2
cve
cve
added 2019/03/15 11:0 p.m.86 views

CVE-2019-9843

DiffPlug Spotless is affected by an XML External Entity (XXE) issue in the library and Maven plugin prior to 1.20.0 and in the Gradle plugin prior to 3.20.0. The XML parser resolves external entities over HTTP/HTTPS and ignores resolveExternalEntities, enabling potential disclosure of local files...

7.5CVSS7.3AI score0.01499EPSS
Exploits0References5Affected Software2
cvelist
cvelist
added 2019/03/15 11:0 p.m.20 views

CVE-2019-9843

In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...

7.3AI score0.01499EPSS
Exploits0References5
snyk
snyk
added 2019/02/22 12:35 p.m.3 views

Unsafe Dependency Resolution

Overview com.diffplug.gradle.spotless:spotless-eclipse-groovy is a code formatting library. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a malicious...

5.9CVSS6.9AI score0.00724EPSS
Exploits0References3
snyk
snyk
added 2019/02/22 12:35 p.m.5 views

Unsafe Dependency Resolution

Overview com.diffplug.spotless:spotless-eclipse-wtp is a code formatting library. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a malicious user could...

5.9CVSS6.9AI score0.00724EPSS
Exploits0References3
snyk
snyk
added 2019/02/22 12:35 p.m.6 views

Unsafe Dependency Resolution

Overview com.diffplug.gradle.spotless:spotless-eclipse-cdt is a code formatting library. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a malicious use...

5.9CVSS6.9AI score0.00724EPSS
Exploits0References3
Rows per page
Query Builder