19641 matches found
Fedora: Security Advisory for xml-commons-apis (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: xml-maven-plugin-1.1.0-3.fc40
A plugin for various XML related tasks like validation and transformation...
[SECURITY] Fedora 40 Update: xml-commons-apis-1.4.01-46.fc40
xml-commons-apis is designed to organize and have common packaging for the various externally-defined standard interfaces for XML. This includes the DOM, SAX, and JAXP...
[SECURITY] Fedora 40 Update: plexus-xml-3.0.0-2.fc40
A collection of various utility classes to ease working with XML...
[SECURITY] Fedora 40 Update: msv-2022.7-4.fc40
The Multi Schema Validation toolkit is a Java-based toolkit consisting of 8 different submodules. The core module is the Multi-Schema XML Validator (MSV) for the validation of XML documents against several kinds of XML schemata. The core supports RELAX NG, RELAX Namespace, RELAX Core, TREX, XML DTDs...
[SECURITY] Fedora 40 Update: modello-2.1.2-6.fc40
Modello is a Data Model toolkit in use by the Apache Maven Project. Modello is a framework for code generation from a simple model. Modello generates code from a simple model format; based on a plugin architecture, various types of code and descriptors can be generated from the single model,...
[SECURITY] Fedora 40 Update: jdom2-2.0.6.1-7.fc40
JDOM is a Java-oriented object model which models XML documents. It provides a Java-centric means of generating and manipulating XML documents. While JDOM inter-operates well with existing standards such as the Simple API for XML (SAX) and the Document Object Model (DOM), it is not an abstraction lay...
[SECURITY] Fedora 40 Update: jaxen-1.2.0-17.fc40
Jaxen is an open source XPath library written in Java. It is adaptable to many different object models, including DOM, XOM, dom4j, and JDOM. It is also possible to write adapters that treat non-XML trees such as compiled Java byte code or Java beans as XML, thus enabling you to query these trees...
[SECURITY] Fedora 40 Update: jaxb-dtd-parser-1.5.1-5.fc40
SAX-like API for parsing XML DTDs...
[SECURITY] Fedora 40 Update: jackson-jaxrs-providers-2.16.1-3.fc40
This is a multi-module project that contains Jackson-based JAX-RS providers for the following data formats: JSON, Smile (binary JSON), XML, CBOR (another kind of binary JSON), YAML...
[SECURITY] Fedora 40 Update: fop-2.9-6.fc40
FOP is the world's first print formatter driven by XSL formatting objects. It is a Java application that reads a formatting object tree and then turns it into a PDF document. The formatting object tree can be in the form of an XML document (output by an XSLT engine like XT or Xalan) or can be pass...
[SECURITY] Fedora 38 Update: golang-github-tdewolff-minify-2.20.18-1.fc38
Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file (such as whitespace) without changing its output and therefore shrinking its size and...
BIT-TYPO3-2020-26229
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...
BIT-SILVERSTRIPE-2020-25817
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom...
BIT-GOLANG-2020-29511
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
BIT-GOLANG-2021-27918
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...
BIT-SILVERSTRIPE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...
BIT-PYTHON-2022-48565
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
BIT-JENKINS-2021-21606
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path...
BIT-PHP-2023-3823 Security issue with external entity loading in XML without enabling it
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...