28 matches found
Security Bulletin: IBM App Connect Enterprise is vulnerable to an attack to execute arbitrary code due to XMLUnit (CVE-2024-31573)
Summary: IBM App Connect Enterprise is vulnerable to an attack to execute arbitrary code when XMLUnit is used to transform data with a stylesheet from an untrusted source. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-31573 DESCRIPTIO...
Arbitrary Code Execution
org.xmlunit:xmlunit-core is vulnerable to Arbitrary Code Execution. The vulnerability is due to XSLT extension functions being enabled by default within TransformerFactoryConfigurer.java, which could allow attackers to execute arbitrary code during XSLT transformations if an applicati...
GHSA-CHFM-68VV-PVW5 XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Impact: When performing XSLT transformations, XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used, this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet whose source cannot be trusted. If...
org.xmlunit:xmlunit-legacy (>=2.0.0 <=2.0.0-alpha-04), org.xmlunit:xmlunit-matchers (>=2.0.0 <=2.0.0-alpha-04) potentially affected by CVE-2024-31573 via org.xmlunit:xmlunit-core (>=2.0.0-alpha-02 <=2.0.0)
org.xmlunit:xmlunit-core MAVEN version =2.0.0-alpha-02, =2.0.0, =2.0.0, =2.0.0-alpha-04 Source cves: CVE-2024-31573 Source advisory: OSV:GHSA-CHFM-68VV-PVW5...
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Impact: When performing XSLT transformations, XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used, this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet whose source cannot be trusted. If...
PT-2024-24141 · Unknown · Xmlunit For Java
Name of the Vulnerable Software and Affected Versions: XMLUnit for Java versions prior to 2.10.0 Description: The issue arises from XMLUnit for Java not disabling XSLT extension functions by default when performing XSLT transformations. This could allow arbitrary code to be executed when XMLUnit ...
Fedora: Security Advisory for xmlunit (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: xmlunit-2.9.0-11.fc40
XMLUnit provides you with the tools to verify the XML you emit is the one you want to create. It provides helpers to validate against an XML Schema, assert the values of XPath queries or compare XML documents against expected outcomes...