CVE-2021-43142 – com.wutka:jox
Package
Manager: maven
Name: com.wutka:jox
Vulnerable Version: >=0 <=1.16
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00307 (percentile 0.53405)
Details
Improper Restriction of XML External Entity Reference in wutka jox
An XML External Entity (XXE) vulnerability exists in wutka jox 1.16 in the readObject method in JOXSAXBeanInput.
Metadata
Created: 2022-04-01T00:00:45Z
Modified: 2022-04-01T19:59:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-fcrx-8829-jpqx/GHSA-fcrx-8829-jpqx.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-fcrx-8829-jpqx
Finding: F083
Auto approve: 1