← Volver a CVEs
CVE-2019-9843
N/ADescripcion
In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado6/28/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
diffplug:gradlediffplug:maven
Debilidades (CWE)
CWE-611
Referencias
https://github.com/diffplug/spotless/blob/master/plugin-gradle/CHANGES.md#version-3200---march-11th-2018-javadoc-jcenter(cve@mitre.org)
https://github.com/diffplug/spotless/blob/master/plugin-maven/CHANGES.md#version-1200---march-14th-2018-javadoc-jcenter(cve@mitre.org)
https://github.com/diffplug/spotless/issues/358(cve@mitre.org)
https://github.com/diffplug/spotless/pull/369(cve@mitre.org)
https://lists.apache.org/thread.html/r7406e297228c42deeecdd12a576e39d63073faebf14b027b7608fdfd%40%3Cissues.iceberg.apache.org%3E(cve@mitre.org)
https://github.com/diffplug/spotless/blob/master/plugin-gradle/CHANGES.md#version-3200---march-11th-2018-javadoc-jcenter(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/diffplug/spotless/blob/master/plugin-maven/CHANGES.md#version-1200---march-14th-2018-javadoc-jcenter(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/diffplug/spotless/issues/358(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/diffplug/spotless/pull/369(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r7406e297228c42deeecdd12a576e39d63073faebf14b027b7608fdfd%40%3Cissues.iceberg.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.