CVE-2018-1307 – org.apache.juddi:juddi-client
Package
Manager: maven
Name: org.apache.juddi:juddi-client
Vulnerable Version: >=3.2 <3.3.5
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01116 (percentile: 0.77361)
Details
Apache juddi-client vulnerable to XML External Entity (XXE).

In Apache jUDDI 3.2 through 3.3.4, when using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there is little protection against entity expansion and DTD-type attacks. Mitigation is to use 3.3.5.
Metadata
Created: 2018-10-19T16:42:15Z
Modified: 2022-09-14T19:12:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-p99p-726h-c8v5/GHSA-p99p-726h-c8v5.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-p99p-726h-c8v5
Finding: F083
Auto approve: 1