https://bugzilla.redhat.com/show_bug.cgi?id=1796858
Bug ID: 1796858
Summary: CVE-2019-10782 checkstyle: XML External Entity Injection due to an incomplete fix for CVE-2019-9658
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: psampaio@redhat.com
CC: dbhole@redhat.com, edewata@redhat.com, extras-orphan@fedoraproject.org, greg.hellings@gmail.com, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nsantos@redhat.com, rob.myers@gtri.gatech.edu
Target Milestone: ---
Classification: Other

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
References:
https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266