) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Search Type: Search All
- CPE Vendor: cpe:/:pmd_project
- CPE Product: cpe:/:pmd_project:pmd
- CPE Product Version: cpe:/:pmd_project:pmd:3.14.0
There are 1 matching records.
Displaying matches 1 through 1.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-7722 |
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) Published: February 11, 2019; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |