
{
"id": "CVE-2024-34345",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-05-14T15:38:40.380",
"lastModified": "2024-05-14T16:12:23.490",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In version 6.7.0, XML external entity (XXE) injection was possible when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1."
},
{
"lang": "es",
"value": "La librer\u00eda JavaScript CycloneDX contiene la funcionalidad principal de OWASP CycloneDX para JavaScript. En 6.7.0, las inyecciones de entidades externas XML eran posibles al ejecutar el validador XML proporcionado en entradas arbitrarias. Este problema se solucion\u00f3 en la versi\u00f3n 6.7.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1063",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7",
"source": "security-advisories@github.com"
}
]
}