Lucene search
Veracode Vulnerability DatabaseVERACODE:35265HistoryApr 27, 2022 - 4:20 a.m.
XML External Entity (XXE)
2022-04-2704:20:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.002 Low
EPSS
Percentile
57.2%
detekt-core is vulnerable to XML external entity attacks. The vulnerability exists in the read function in BaselineFormat.kt due to improper validation which allows an attacker to submit a malicious XML document.
References
github.com/advisories/GHSA-2cfc-865j-gm4w
github.com/detekt/detekt/commit/c965a8d2a6bbdb9bcfc6acfa7bbffd3da81f5395
github.com/detekt/detekt/pull/4499
huntr.dev/bounties/23e37ba7-96d5-4037-a90a-8c8f4a70ce44
huntr.dev/bounties/23e37ba7-96d5-4037-a90a-8c8f4a70ce44/
huntr.dev/bounties/23e37ba7-96d5-4037-a90a-8c8f4a70ce44/
Related
osv
osv
CVE-2022-0272
2022-04-21 17:15:07
XML External Entity Reference in detekt
2022-04-22 00:00:36
nvd
nvd
CVE-2022-0272
2022-04-21 17:15:07
cvelist
cvelist
cve
cve
CVE-2022-0272
2022-04-21 17:15:07
github
github
XML External Entity Reference in detekt
2022-04-22 00:00:36
huntr
huntr
in detekt/detekt
2022-01-16 06:39:28
prion
prion
Xxe
2022-04-21 17:15:00