CVE-2024-31573

Summary

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

Affected Software

VendorProductVersion RangeStatus
XMLUnitXMLUnit for Java2.0.0 < 2.10.0affected

Weaknesses

  • CWE-669: CWE-669 Incorrect Resource Transfer Between Spheres

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References