Required CVE Record Information
Description
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In version 6.7.0, XML external entity (XXE) injection was possible when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.
CVSS 1 Total
Score | Severity | Version | Vector String |
---|---|---|---|
8.1 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References 3 Total
- github.com: https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7
- github.com: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1063
- github.com: https://github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203