CVE-2019-9628 – org.opensaml:xmltooling
Package
Manager: maven
Name: org.opensaml:xmltooling
Vulnerable Version: <0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00909 (percentile: 0.74924)
Details
XMLTooling Library Incorrectly Handles Some Exceptions
All versions of the XMLTooling library prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contain an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class, so an unexpected exception type propagates out of the parser.
Metadata
Created: 2022-05-13T01:02:16Z
Modified: 2023-08-01T18:26:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6hvf-xvwm-vrw4/GHSA-6hvf-xvwm-vrw4.json
CWE IDs: ["CWE-755"]
Alternative ID: GHSA-6hvf-xvwm-vrw4
Finding: N/A
Auto approve: 0