CVE-2021-4295

Summary

A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
ONCcode-validator-api1.0.0affected
ONCcode-validator-api1.0.1affected
ONCcode-validator-api1.0.2affected
ONCcode-validator-api1.0.3affected
ONCcode-validator-api1.0.4affected
ONCcode-validator-api1.0.5affected
ONCcode-validator-api1.0.6affected
ONCcode-validator-api1.0.7affected
ONCcode-validator-api1.0.8affected
ONCcode-validator-api1.0.9affected
ONCcode-validator-api1.0.10affected
ONCcode-validator-api1.0.11affected
ONCcode-validator-api1.0.12affected
ONCcode-validator-api1.0.13affected
ONCcode-validator-api1.0.14affected
ONCcode-validator-api1.0.15affected
ONCcode-validator-api1.0.16affected
ONCcode-validator-api1.0.17affected
ONCcode-validator-api1.0.18affected
ONCcode-validator-api1.0.19affected
ONCcode-validator-api1.0.20affected
ONCcode-validator-api1.0.21affected
ONCcode-validator-api1.0.22affected
ONCcode-validator-api1.0.23affected
ONCcode-validator-api1.0.24affected
ONCcode-validator-api1.0.25affected
ONCcode-validator-api1.0.26affected
ONCcode-validator-api1.0.27affected
ONCcode-validator-api1.0.28affected
ONCcode-validator-api1.0.29affected
ONCcode-validator-api1.0.30affected

Weaknesses

  • CWE-611: CWE-611 XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

References