Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02aHZmLXh2d20tdnJ3NM3oqw
XMLTooling Library Incorrectly Handles Some Exceptions
All versions of the XMLTooling library prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contain an XML parsing class. Invalid data in the XML declaration causes an exception of a type that the parser class does not handle properly, so an unexpected exception type propagates.
Permalink: https://github.com/advisories/GHSA-6hvf-xvwm-vrw4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02aHZmLXh2d20tdnJ3NM3oqw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
Withdrawn: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.02464
EPSS Percentile: 0.90244
Identifiers: GHSA-6hvf-xvwm-vrw4, CVE-2019-9628
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-9628
- https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912
- https://security.netapp.com/advisory/ntap-20190611-0003/
- https://shibboleth.net/community/advisories/secadv_20190311.txt
- https://usn.ubuntu.com/3921-1/
- https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html
- https://github.com/advisories/GHSA-6hvf-xvwm-vrw4
Affected Packages
maven:org.opensaml:xmltooling
Dependent packages: 42
Dependent repositories: 205
Downloads:
Affected Version Ranges: < 3.0.4
Fixed in: 3.0.4
All affected versions: 1.3.4, 1.4.0, 1.4.1, 1.4.4
All unaffected versions: