A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:3906 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2022-4245 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2149843 | Issue Tracking Third Party Advisory |
Configurations
History
02 Oct 2023, 19:27
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-4245 - Third Party Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:3906 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2149843 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:redhat:integration_camel_k:*:*:*:*:*:*:*:* cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:*:*:*:*:*:*:*:* |
|
CWE | CWE-611 | |
First Time |
Redhat integration Camel K
Codehaus-plexus Project Redhat Codehaus-plexus Project codehaus-plexus |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
25 Sep 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-25 20:15
Updated : 2023-12-10 15:14
NVD link : CVE-2022-4245
Mitre link : CVE-2022-4245
CVE.ORG link : CVE-2022-4245
JSON object : View
Products Affected
redhat
- integration_camel_k
codehaus-plexus_project
- codehaus-plexus