checkstyle is vulnerable to XML external entity attacks. The external-parameter-entities
feature is not disabled by default, allowing a remote attacker to retrieve system files or perform requests on behalf of the server via a malicious XML document.
CPE | Name | Operator | Version |
---|---|---|---|
checkstyle | le | 8.28 | |
checkstyle | le | 8.5 | |
checkstyle | le | 8.17 |