Basic Information

- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
The analysis examined the provided security patches and identified the functions that were modified to prevent XXE (XML External Entity) attacks. The patches introduce a new utility class, XmlProcessorFactory, with methods that create DocumentBuilderFactory and SAXParserFactory instances pre-configured to block XXE. The vulnerable functions were those that called SAXParserFactory.newInstance() or DocumentBuilderFactory.newInstance() and used the resulting factory with its defaults, which permit DOCTYPE declarations and external entity resolution. The patched functions obtain their factories from the new utility class instead, so every parser they build carries the hardened configuration.
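The following is an added example illustrating the hardening pattern the analysis describes; it is not the Eclipse project's XmlProcessorFactory. The class name HardenedXmlFactory, the constructed XXE_SAMPLE document and its placeholder file path are assumptions made for the demonstration. It places the default (vulnerable) factory call beside a hardened one for both DocumentBuilderFactory and SAXParserFactory, then parses the sample with the hardened DOM parser to show that the DOCTYPE is rejected before any entity can be resolved.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

/** Hypothetical hardened factory for the demonstration; not Eclipse's XmlProcessorFactory. */
public final class HardenedXmlFactory {

    // Constructed sample input: a DOCTYPE that declares an external entity.
    // The SYSTEM identifier is a placeholder path, not a real file; a hardened
    // parser must refuse the DOCTYPE itself, so the path is never opened.
    static final String XXE_SAMPLE =
        "<?xml version=\"1.0\"?>"
      + "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>"
      + "<doc>&ext;</doc>";

    // Vulnerable pattern: the bare newInstance() call the patches replaced.
    // JAXP defaults allow DOCTYPE declarations and resolve external entities.
    static DocumentBuilderFactory unsafeDocumentBuilderFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    // Hardened pattern: every parser built from this factory rejects DOCTYPEs,
    // never fetches an external DTD or entity, and does not process XInclude.
    static DocumentBuilderFactory hardenedDocumentBuilderFactory()
            throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Primary control: refuse any DOCTYPE, so no entity can be declared at all.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that do not honour the feature above.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    // Same configuration applied to the SAX side; the feature URIs are shared.
    static SAXParserFactory hardenedSaxParserFactory() throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        spf.setXIncludeAware(false);
        return spf;
    }

    /** Returns true when the hardened DOM parser rejects the document (expected for XXE_SAMPLE). */
    static boolean hardenedRejectsDoctype(String xml) throws Exception {
        try {
            hardenedDocumentBuilderFactory().newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)));
            return false;
        } catch (SAXParseException e) {
            // Xerces reports "DOCTYPE is disallowed" here; the entity is never resolved.
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("DOM hardened rejects DOCTYPE: " + hardenedRejectsDoctype(XXE_SAMPLE));
        try {
            hardenedSaxParserFactory().newSAXParser()
                .parse(new InputSource(new StringReader(XXE_SAMPLE)), new DefaultHandler());
            System.out.println("SAX hardened accepted input (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("SAX hardened rejects DOCTYPE: " + e.getMessage());
        }
    }
}
```

A quick code-review check for this class of fix is to grep a code base for `SAXParserFactory.newInstance()` and `DocumentBuilderFactory.newInstance()` and confirm every hit is either inside the hardened factory or has been replaced by a call to it; any remaining bare call is a parser that still runs with the permissive defaults.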
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.eclipse.platform:org.eclipse.core.runtime | maven | < 3.29.0 | 3.29.0 |
| org.eclipse.platform:org.eclipse.platform | maven | < 4.29.0 | 4.29.0 |
| org.eclipse.platform:org.eclipse.jface | maven | < 3.31.0 | 3.31.0 |
| org.eclipse.platform:org.eclipse.ui.forms | maven | < 3.13.0 | 3.13.0 |
| org.eclipse.platform:org.eclipse.ui.ide | maven | < 3.21.100 | 3.21.100 |
| org.eclipse.platform:org.eclipse.ui.workbench | maven | < 3.130.0 | 3.130.0 |
| org.eclipse.platform:org.eclipse.urischeme | maven | < 1.3.100 | 1.3.100 |
| org.eclipse.jdt:org.eclipse.jdt.ui | maven | < 3.30.0 | 3.30.0 |