WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-10244 Vulnerability in maven package org.eclipse.kura:kura

Description

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.

Remediation

References

http://www.securityfocus.com/bid/107844

https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835

Related Vulnerabilities

CVE-2019-12313 Vulnerability in npm package shave

CVE-2022-24948 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

CVE-2020-28435 Vulnerability in npm package ffmpeg-sdk

CVE-2020-15087 Vulnerability in maven package io.prestosql:presto-main

CVE-2024-36401 Vulnerability in maven package org.geoserver.web:gs-web-app

Severity

High

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory VDB Entry Issue Tracking Vendor Advisory