Home > Vulnerability Database > CVE-2024-31573

Mend.io Vulnerability Database

CVE-2024-31573

Good to know:

Date: April 5, 2024

When performing XSLT transformations XMLUnit for Java before 2.10.0 did not disable XSLT extension functions by default. Depending on the XSLT processor being used this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet who's source can not be trusted. If the stylesheet can be provided externally this may even lead to a remote code execution.

Language: Java

Severity Score

5.6

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31573

Url: https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b

Url: https://www.mend.io/vulnerability-database/CVE-2024-31573

Severity Score

5.6

Top Fix

Upgrade Version

Upgrade to version org.xmlunit:xmlunit-core:2.10.0

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31573

Good to know:

Date: April 5, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?