CVE-2019-9843

CVE-2019-9843

In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn’t respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file.

Source: CVE-2019-9843

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다