Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

RedhatCVE
RedhatCVEadded 2022/05/03 9:34 p.m.45 views

CVE-2022-0839

A flaw was found in Liquiibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURESECUREPROCESSING set, which could possibly allow XML External Entity XXE attacks...

9.8CVSS4.4AI score0.00103EPSS
Exploits1References4
Veracode
Veracodeadded 2022/03/09 2:35 a.m.43 views

XML External Entity (XXE)

liquibase-core is vulnerable to XML external entity attacks. The XMLChangeLogSAXParser function of XMLChangeLogSAXParser.java does not disable access to external entities by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server...

9.8CVSS5.2AI score0.00103EPSS
Exploits1References7Affected Software3
Github Security Blog
Github Security Blogadded 2022/03/05 12:0 a.m.136 views

Improper Restriction of XML External Entity Reference in Liquibase

The XMLChangeLogSAXParser function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference...

9.8CVSS3.7AI score0.00103EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder