Home > Vulnerability Database > WS-2018-0629

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2018-0629

Good to know:

Date: August 23, 2018

The woodstox-core package is vulnerable to improper restriction of XXE reference.

Language: Java

Severity Score

9.1

Related Resources (2)

Url: https://github.com/FasterXML/woodstox/commit/7937f97c638ef8afd385ebf4a675a9b096ccdd57

Url: https://www.mend.io/vulnerability-database/WS-2018-0629

Severity Score

9.1

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

Top Fix

Upgrade Version

Upgrade to version pyspark - 3.2.0;polozpavlo/allure - no_fix;AllureReport.Generator - no_fix;io.syndesis.server:server-runtime:1.3.5;io.syndesis.server:server-runtime:no_fix;io.syndesis.server:server-runtime:no_fix;io.syndesis.server:server-runtime:1.13.1;io.syndesis.server:server-runtime:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.teiid.connectors:connector-ws:no_fix;org.kie:keycloak-kie-server-spring-boot-sample:7.60.0.Final;io.fabric8.quickstarts:spring-boot-camel-drools:no_fix;io.fabric8.quickstarts:spring-boot-camel-drools:no_fix;io.fabric8.quickstarts:spring-boot-camel-drools:no_fix;io.fabric8.quickstarts:spring-boot-camel-drools:no_fix;io.fabric8.quickstarts:spring-boot-camel-drools:no_fix;io.fabric8.quickstarts:spring-boot-camel-drools:no_fix;io.fabric8.quickstarts.cxf.jaxrs:spring-boot-cxf-jaxrs:no_fix;io.fabric8.quickstarts.cxf.jaxrs:spring-boot-cxf-jaxrs:no_fix;io.fabric8.quickstarts.cxf.jaxrs:spring-boot-cxf-jaxrs:no_fix;io.fabric8.quickstarts.cxf.jaxrs:spring-boot-cxf-jaxrs:no_fix;org.apache.cxf.systests:cxf-systests-ci-webapp:3.3.7;org.apache.cxf.systests:cxf-systests-ci-webapp:3.3.7;org.apache.cxf.systests:cxf-systests-ci-webapp:3.3.7;org.apache.cxf.systests:cxf-systests-ci-webapp:3.3.7;org.apache.cxf.systests:cxf-systests-ci-webapp:3.2.8;org.apache.cxf.systests:cxf-systests-ci-webapp:3.2.8;org.apache.cxf.systests:cxf-systests-ci-webapp:3.2.8;org.apache.cxf.systests:cxf-systests-ci-webapp:3.3.7;org.apache.cxf.systests:cxf-systests-ci-webapp:3.3.7;com.github.nkutsche:woodstox-core:no_fix;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.3.7;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.2.8;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.2.8;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.2.8;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.3.7;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.3.7;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.3.7;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.3.7;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.3.7;io.fabric8.quickstarts.cxf.jaxws:spring-boot-cxf-jaxws-xml:no_fix;io.fabric8.quickstarts:spring-boot-camel-soap-rest-bridge:no_fix;io.fabric8.quickstarts:spring-boot-camel-soap-rest-bridge:no_fix;io.fabric8.quickstarts:spring-boot-camel-soap-rest-bridge:no_fix;io.fabric8.quickstarts:spring-boot-camel-soap-rest-bridge:no_fix;io.fabric8.quickstarts:spring-boot-camel-soap-rest-bridge:no_fix;org.kie:kie-server-spring-boot-kafka-sample:7.60.0.Final;io.fabric8.quickstarts:spring-boot-camel-rest-3scale:no_fix;io.fabric8.quickstarts:spring-boot-camel-rest-3scale:no_fix;io.fabric8.quickstarts:spring-boot-camel-rest-3scale:no_fix;io.fabric8.quickstarts:spring-boot-camel-rest-3scale:no_fix;io.fabric8.quickstarts.cxf.jaxws:spring-boot-cxf-jaxws:no_fix;io.fabric8.quickstarts.cxf.jaxws:spring-boot-cxf-jaxws:no_fix;io.fabric8.quickstarts.cxf.jaxws:spring-boot-cxf-jaxws:no_fix;io.fabric8.quickstarts.cxf.jaxws:spring-boot-cxf-jaxws:no_fix;io.fabric8.quickstarts.cxf.jaxws:spring-boot-cxf-jaxws:no_fix;com.redhat.fuse.boosters:fuse-rest-http-booster:no_fix;com.redhat.fuse.boosters:fuse-rest-http-booster:no_fix;com.redhat.fuse.boosters:fuse-rest-http-booster:no_fix;com.redhat.fuse.boosters:fuse-rest-http-booster:no_fix;org.codehaus.woodstox:woodstox-core-asl:4.2.1;org.codehaus.woodstox:woodstox-core-asl:4.1.2;org.codehaus.woodstox:woodstox-core-asl:no_fix;io.fabric8.quickstarts:spring-boot-camel-rest-sql:no_fix;io.fabric8.quickstarts:spring-boot-camel-rest-sql:no_fix;io.fabric8.quickstarts:spring-boot-camel-rest-sql:no_fix;io.fabric8.quickstarts:spring-boot-camel-rest-sql:no_fix;io.fabric8.quickstarts:spring-boot-camel-rest-sql:no_fix;org.codehaus.woodstox:woodstox-core-lgpl:4.1.2;org.codehaus.woodstox:woodstox-core-lgpl:4.2.1;io.syndesis.meta:meta:1.13.1;io.syndesis.meta:meta:1.13.1;io.fabric8.quickstarts.cxf.jaxrs:spring-boot-cxf-jaxrs-xml:no_fix;com.fasterxml.woodstox:woodstox-core:5.3.0;org.amqphub.jca:resource-adapter-thorntail-example:no_fix

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2018-0629

Good to know:

Date: August 23, 2018

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?