CVE-2024-31573
4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| XMLUnit | XMLUnit for Java | 2.0.0 < 2.10.0 | affected |
Weaknesses
- CWE-669: CWE-669 Incorrect Resource Transfer Between Spheres
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://github.com/advisories/GHSA-chfm-68vv-pvw5
- https://github.com/xmlunit/xmlunit/issues/264
- https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.