Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12MnhtLTc2cHEtcGhjZs4AA9Qy
ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.
Permalink: https://github.com/advisories/GHSA-v2xm-76pq-phcf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12MnhtLTc2cHEtcGhjZs4AA9Qy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 4 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-v2xm-76pq-phcf, CVE-2021-47621
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-47621
- https://github.com/classgraph/classgraph/pull/539
- https://github.com/classgraph/classgraph/commit/681362ad6b0b9d9abaffb2e07099ce54d7a41fa3
- https://docs.r3.com/en/platform/corda/4.8/enterprise/release-notes-enterprise.html
- https://github.com/classgraph/classgraph/releases/tag/classgraph-4.8.112
- https://github.com/advisories/GHSA-v2xm-76pq-phcf
Blast Radius: 20.9
Affected Packages
maven:io.github.classgraph:classgraph
Dependent packages: 667
Dependent repositories: 1,664
Downloads:
Affected Version Ranges: < 4.8.112
Fixed in: 4.8.112
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.6.7, 4.6.8, 4.6.9, 4.6.10, 4.6.11, 4.6.12, 4.6.13, 4.6.14, 4.6.15, 4.6.16, 4.6.17, 4.6.18, 4.6.19, 4.6.20, 4.6.21, 4.6.22, 4.6.23, 4.6.24, 4.6.25, 4.6.26, 4.6.27, 4.6.28, 4.6.29, 4.6.30, 4.6.31, 4.6.32, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.8.7, 4.8.8, 4.8.9, 4.8.10, 4.8.11, 4.8.12, 4.8.13, 4.8.14, 4.8.15, 4.8.16, 4.8.17, 4.8.19, 4.8.20, 4.8.21, 4.8.22, 4.8.23, 4.8.24, 4.8.25, 4.8.26, 4.8.27, 4.8.28, 4.8.29, 4.8.30, 4.8.31, 4.8.32, 4.8.33, 4.8.34, 4.8.35, 4.8.36, 4.8.37, 4.8.38, 4.8.39, 4.8.40, 4.8.41, 4.8.42, 4.8.43, 4.8.44, 4.8.45, 4.8.46, 4.8.47, 4.8.48, 4.8.49, 4.8.50, 4.8.51, 4.8.52, 4.8.53, 4.8.54, 4.8.55, 4.8.56, 4.8.57, 4.8.58, 4.8.59, 4.8.60, 4.8.61, 4.8.62, 4.8.63, 4.8.64, 4.8.65, 4.8.66, 4.8.67, 4.8.68, 4.8.69, 4.8.70, 4.8.71, 4.8.72, 4.8.73, 4.8.74, 4.8.75, 4.8.76, 4.8.77, 4.8.78, 4.8.79, 4.8.80, 4.8.81, 4.8.82, 4.8.83, 4.8.84, 4.8.85, 4.8.86, 4.8.87, 4.8.88, 4.8.89, 4.8.90, 4.8.91, 4.8.92, 4.8.93, 4.8.94, 4.8.95, 4.8.96, 4.8.97, 4.8.98, 4.8.100, 4.8.101, 4.8.102, 4.8.103, 4.8.104, 4.8.105, 4.8.106, 4.8.107, 4.8.108, 4.8.109, 4.8.110, 4.8.111
All unaffected versions: 4.8.112, 4.8.113, 4.8.114, 4.8.115, 4.8.116, 4.8.117, 4.8.118, 4.8.119, 4.8.120, 4.8.121, 4.8.122, 4.8.123, 4.8.124, 4.8.125, 4.8.126, 4.8.127, 4.8.128, 4.8.129, 4.8.130, 4.8.131, 4.8.132, 4.8.133, 4.8.134, 4.8.135, 4.8.136, 4.8.137, 4.8.138, 4.8.139, 4.8.140, 4.8.141, 4.8.143, 4.8.144, 4.8.145, 4.8.146, 4.8.147, 4.8.148, 4.8.149, 4.8.150, 4.8.151, 4.8.152, 4.8.153, 4.8.154, 4.8.155, 4.8.156, 4.8.157, 4.8.158, 4.8.159, 4.8.160, 4.8.161, 4.8.162, 4.8.163, 4.8.164, 4.8.165, 4.8.166, 4.8.167, 4.8.168, 4.8.170, 4.8.171, 4.8.172, 4.8.173, 4.8.174, 4.8.175, 4.8.176, 4.8.177, 4.8.178, 4.8.179