Home > Vulnerability Database > CVE-2024-31573

Mend.io Vulnerability Database

CVE-2024-31573

Good to know:

Date: August 19, 2025

When performing XSLT transformations XMLUnit for Java before 2.10.0 did not disable XSLT extension functions by default. Depending on the XSLT processor being used this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet who's source can not be trusted. If the stylesheet can be provided externally this may even lead to a remote code execution.

Language: Java

Severity Score

5.6

Related Resources (7)

Url: https://github.com/xmlunit/xmlunit

Url: https://docs.oracle.com/en/java/javase/22/security/java-api-xml-processing-jaxp-security-guide.html#GUID-E345AA09-801E-4B95-B83D-7F0C452538AA

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31573

Url: https://github.com/xmlunit/xmlunit/issues/264

Url: https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b

Url: https://github.com/xmlunit/xmlunit/security/advisories/GHSA-chfm-68vv-pvw5

Url: https://www.mend.io/vulnerability-database/CVE-2024-31573

Severity Score

5.6

Top Fix

Upgrade Version

Upgrade to version org.xmlunit:xmlunit-core:2.10.0

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31573

Good to know:

Date: August 19, 2025

Language: Java

Severity Score

Related Resources (7)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?