-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from insecure XML parser configuration. The commit diff shows security hardening in these specific functions by adding: 1) disallow-doctype-decl feature, 2) external entity disabling, and 3) secure processing flags. The affected functions handle XML parsing/transformation of test reports without these protections in vulnerable versions, making them the entry points for XXE exploitation. The patch directly modifies these functions to add security features, confirming their vulnerable status pre-1.0.1.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jvnet.hudson.plugins:mstest | maven | < 1.0.1 | 1.0.1 |
JavaJavaOngoing coverage of React2Shell