@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

Description

XML External entity injections could be possible, when running the provided XML Validator on arbitrary input.

Recommendation

Update the @cyclonedx/cyclonedx-library package to the latest compatible version. Followings are version details:

• Affected version(s): = 6.7.0
• Patched version(s): 6.7.1

References

• GHSA-38gf-rh2w-gmj7
• CVE-2024-34345
• CWE-611
• CAPEC-310
• OWASP 2021-A5
• OWASP 2021-A6

Related Issues

• Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability - CVE-2024-35255
• Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability - @azure/identity - CVE-2024-35255
• Svelte has a potential mXSS vulnerability due to improper HTML escaping - CVE-2024-45047
• react-native-mmkv Insertion of Sensitive Information into Log File vulnerability - CVE-2024-21668

You might also like:

How do hackers hack websites?

CSRF, XXE, and 12 Other Security Acronyms Explained

Exploiting Server Version Disclosure

Tags:

npm

@cyclonedx/cyclonedx-library