The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-09T14:56:07.494Z
Updated: 2024-08-02T02:51:09.775Z
Reserved: 2024-05-02T06:36:32.437Z
Link: CVE-2024-34345
Vulnrichment
Updated: 2024-08-02T02:51:09.775Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:38:40.380
Modified: 2024-11-21T09:18:28.497
Link: CVE-2024-34345
Redhat
No data.