← voltar
CVE-2024-34345

@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

CVSS 8.1 HIGHEPSS 0.9%CWE-611
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
CycloneDX · cyclonedx-javascript-library

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1063https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7