mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
33 lines
924 B
JSON
33 lines
924 B
JSON
{
|
|
"id": "CVE-2024-36522",
|
|
"sourceIdentifier": "security@apache.org",
|
|
"published": "2024-07-12T13:15:11.867",
|
|
"lastModified": "2024-07-12T13:15:11.867",
|
|
"vulnStatus": "Received",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation.\nUsers are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security@apache.org",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-74"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://lists.apache.org/thread/w613qh7yors840pbx00l1pq6wkl9jzkc",
|
|
"source": "security@apache.org"
|
|
}
|
|
]
|
|
} |