
CVE-2018-1000643:
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy

CVSS Score
N/A

Basic Information

EPSS Score
-
CWE
-
Published
10/18/2018
Updated
1/9/2023
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS metrics data is empty
Package Name                  Ecosystem   Vulnerable Versions   First Patched Version
org.owasp.antisamy:antisamy   maven       <= 1.5.7              -

Vulnerability Intelligence
Miggo AI

Miggo AI Root Cause Analysis

The vulnerability description explicitly identifies AntiSamy.scan() as the vulnerable component for both SAX and DOM implementations. While the CVE was later withdrawn as a false positive, the original advisory and GitHub GHSA documentation directly implicate this method as the attack surface. No other functions are mentioned in the provided vulnerability context, and the scan() method is inherently security-critical as it performs the input sanitization.


WAF Protection Rules

WAF Rule

OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan() - for both SAX & DOM that can result in Cross Site Scripting.

Reasoning

The vulnerability description explicitly identifies `AntiSamy.scan()` as the vulnerable component for both SAX and DOM implementations. While the CVE was later withdrawn as a false positive, the original advisory and GitHub GHSA documentation directl