7 matches found
Amazon Linux 2023 : xmlunit, xmlunit-assertj, xmlunit-core (ALAS2023-2025-1260)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1260 advisory. XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XSLT extension functions are enabled...
OESA-2025-1970 xmlunit security update
Security Fixes: A vulnerability was found in xmlunit-core. It has been declared as problematic.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 2.10.0 eliminates this vulnerability.CVE-2024-31573...
OESA-2025-1969 xmlunit security update
Security Fixes: A vulnerability was found in xmlunit-core. It has been declared as problematic.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 2.10.0 eliminates this vulnerability.CVE-2024-31573...
OESA-2025-1966 xmlunit security update
Security Fixes: A vulnerability was found in xmlunit-core. It has been declared as problematic.As an impact it is known to affect confidentiality, integrity, and availability.Upgrading to version 2.10.0 eliminates this vulnerability.CVE-2024-31573...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-31573 DESCRIPTION: XMLUnit for Java could allow an attacker to execute...
Arbitrary Code Execution
org.xmlunit: xmlunit-core is vulnerable to Arbitrary Code Execution. The vulnerability is due to enabling XSLT extension transformation functions by default within TransformerFactoryConfigurer.java, which could allows attackers to execute arbitrary code during XSLT transformations if an applicati...
org.xmlunit:xmlunit-legacy (>=2.0.0 <=2.0.0-alpha-04), org.xmlunit:xmlunit-matchers (>=2.0.0 <=2.0.0-alpha-04) potentially affected by CVE-2024-31573 via org.xmlunit:xmlunit-core (>=2.0.0-alpha-02 <=2.0.0)
org.xmlunit:xmlunit-core MAVEN version =2.0.0-alpha-02, =2.0.0, =2.0.0, =2.0.0-alpha-04 Source cves: CVE-2024-31573 Source advisory: OSV:GHSA-CHFM-68VV-PVW5...