CVE-2022-0839 – org.liquibase:liquibase-core
Package
Manager: maven
Name: org.liquibase:liquibase-core
Vulnerable Version: >=0 <4.8.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00121 (percentile: 0.3183)
Details
Improper Restriction of XML External Entity Reference in Liquibase
The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to Improper Restriction of XML External Entity Reference.
Metadata
Created: 2022-03-05T00:00:45Z
Modified: 2022-03-18T21:12:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-jvfv-hrrc-6q72/GHSA-jvfv-hrrc-6q72.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-jvfv-hrrc-6q72
Finding: F083
Auto approve: 1