Headline

GHSA-6296-mvgp-27hp: XML External Entity Reference in Eclipse Lyo

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.

2 years ago

ghsa

Open in Source

#git

XML External Entity Reference in Eclipse Lyo

Moderate severity GitHub Reviewed Published Jul 8, 2022 • Updated Jul 8, 2022

2 years ago

CVE

Open in Source

#vulnerability #apache #git #java #oracle #auth

ghsa: Latest News

GHSA-pj33-75x5-32j4: RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission

19 hours ago

ghsa

GHSA-jjxq-ff2g-95vh: Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled

19 hours ago

ghsa

GHSA-6377-hfv9-hqf6: Twig has unguarded calls to `__toString()` when nesting an object into an array

19 hours ago

ghsa

GHSA-hv6m-qj65-26q3: UnoPim Cross-site Scripting vulnerability

20 hours ago

ghsa

GHSA-rhm9-gp5p-5248: Gradio vulnerable to arbitrary file read with File and UploadButton components

23 hours ago

ghsa

Headline

GHSA-6296-mvgp-27hp: XML External Entity Reference in Eclipse Lyo

Related news

ghsa: Latest News