← volver
CVE-2024-34345

@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

CVSS 8.1 HIGHEPSS 0.9%CWE-611
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
CycloneDX · cyclonedx-javascript-library

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1063https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7