https://bugzilla.redhat.com/show_bug.cgi?id=1796858
Bug ID: 1796858
Summary: CVE-2019-10782 checkstyle: XML External Entity
Injection due to an incomplete fix for CVE-2019-9658
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: dbhole(a)redhat.com, edewata(a)redhat.com,
extras-orphan(a)fedoraproject.org,
greg.hellings(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nsantos(a)redhat.com,
rob.myers(a)gtri.gatech.edu
Target Milestone: ---
Classification: Other
All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to
XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
References:
https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266
--
You are receiving this mail because:
You are on the CC list for the bug.