Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search All
- CPE Vendor: cpe:/:pmd_project
- CPE Product: cpe:/:pmd_project:pmd
- CPE Product Version: cpe:/:pmd_project:pmd:3.14.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-7722 |
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.) Published: February 11, 2019; 9:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |