ReportizFlow
Filtered by vendor Cyclonedx
Subscriptions
Filtered by product Cyclonedx Core Java
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38374 | 1 Cyclonedx | 1 Cyclonedx Core Java | 2024-11-21 | 7.5 High |
| The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, _cyclonedx-core-java_ leverages XPath expressions to determine the schema version of the BOM. The `DocumentBuilderFactory` used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. This vulnerability has been fixed in cyclonedx-core-java version 9.0.4. | ||||
Page 1 of 1.