search

5l1D3R / Github-actions

0 stars 0 forks source link

CVE: 2015-0254 found in jstl - Version: 1.2 [JAVA] #21

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

Attribute Details
Library jstl
Description null
Language JAVA
Vulnerability XML External Entity (XXE) Through An XSLT Extension
Vulnerability description Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) or (2) JSTL XML tag.
CVE 2015-0254
CVSS score 7.5
Vulnerability present in version/s 1.0-1.2
Found library version/s 1.2
Vulnerability fixed in version
Library latest version 1.2
Fix

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2