Bug 2172069 (CVE-2014-125087) - CVE-2014-125087 java-xmlbuilder: XMLBuilder2 is vulnerable to XML External Entity (XXE) injection
Summary: CVE-2014-125087 java-xmlbuilder: XMLBuilder2 is vulnerable to XML External En...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2014-125087
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2171902
TreeView+ depends on / blocked
 
Reported: 2023-02-21 11:39 UTC by Avinash Hanwate
Modified: 2023-05-24 09:11 UTC (History)
35 users (show)

Fixed In Version: java-xmlbuilder 1.2
Clone Of:
Environment:
Last Closed: 2023-05-24 09:11:25 UTC
Embargoed:

Attachments (Terms of Use)

Description Avinash Hanwate 2023-02-21 11:39:55 UTC 
A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

https://vuldb.com/?id.221480
https://vuldb.com/?ctiid.221480
https://github.com/jmurty/java-xmlbuilder/issues/6
https://github.com/jmurty/java-xmlbuilder/releases/tag/v1.2
https://github.com/jmurty/java-xmlbuilder/commit/e6fddca201790abab4f2c274341c0bb8835c3e73
Comment 5 Product Security DevOps Team 2023-05-24 09:11:22 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2014-125087
Note You need to log in before you can comment on or make changes to this bug.