CVE-2019-9658

nvd nist

Published: Mar 11, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Checkstyle before 8.18 loads external DTDs by default.

Affected (4)

Products: Checkstyle: Checkstyle · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Checkstyle Checkstyle	Before 8.18

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 28
Fedoraproject Fedora	Version 29

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (28)

https://checkstyle.org/releasenotes.html#Release_8.18

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/checkstyle/checkstyle/issues/6474

Source: cve@mitre.org

Third Party Advisory

https://github.com/checkstyle/checkstyle/issues/6478

Source: cve@mitre.org

Third Party Advisory

https://github.com/checkstyle/checkstyle/pull/6476

Source: cve@mitre.org

Third Party Advisory

https://lists.apache.org/thread.html/6bf8bbbca826e883f09ba40bc0d319350e1d6d4cf4df7c9e399b2699%40%3Ccommits.fluo.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9%40%3Cserver-dev.james.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/994221405e940e148adcfd9cb24ffc6700bed70c7820c55a22559d26%40%3Cnotifications.fluo.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/a35a8ccb316d4c2340710f610cba8058e87d5376259b35ef3ed2bf89%40%3Cnotifications.accumulo.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/fff26ee7b59360a0264fef4e8ed9454ef652db2c39f2892a9ea1c9cb%40%3Cnotifications.fluo.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2019/04/msg00029.html

Source: cve@mitre.org

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMOPJ2XYE4LB2HM7OMSUBBIYEDUTLWE/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEYBAHYAV37WHMOXZYM2ZWF46FHON6YC/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJPT54USMGWT3Y6XVXLDEHKRUY2EI4OE/

Source: cve@mitre.org

https://checkstyle.org/releasenotes.html#Release_8.18