https://bugzilla.redhat.com/show_bug.cgi?id=1801149
Bug ID: 1801149
Summary: CVE-2019-13990 libquartz-java: XXE attacks via job description
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: agrimm(a)gmail.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bkearney(a)redhat.com, btotty(a)redhat.com,
chazlett(a)redhat.com, dblechte(a)redhat.com,
dfediuck(a)redhat.com, drieden(a)redhat.com,
eedri(a)redhat.com, etirelli(a)redhat.com,
extras-orphan(a)fedoraproject.org, ggaughan(a)redhat.com,
gvarsami(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jochrist(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
kconner(a)redhat.com, krathod(a)redhat.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
lef(a)fedoraproject.org, lzap(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mmccune(a)redhat.com, mnovotny(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pjindal(a)redhat.com, puntogil(a)libero.it,
rchan(a)redhat.com, rjerrido(a)redhat.com,
rrajasek(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sbonazzo(a)redhat.com,
sdaley(a)redhat.com, sherold(a)redhat.com,
sokeeffe(a)redhat.com, tbrisker(a)redhat.com,
tcunning(a)redhat.com, tkirby(a)redhat.com,
tlestach(a)redhat.com, yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
A vulnerability was found in initDocumentParser in
xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through
2.3.0 that allows XXE attacks via a job description.
Reference:
https://github.com/quartz-scheduler/quartz/issues/467
https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115a...
https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432d...
https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679...
https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046...
https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3...