A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment method fails to sanitize comments for a --> sequence. As a result, text contained in the command string could be interpreted as XML, allowing XML injection.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:2135 | |
https://access.redhat.com/errata/RHSA-2023:3906 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2022-4245 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2149843 | Issue Tracking Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2023-09-25T19:20:57.329Z
Updated: 2024-06-04T17:16:32.674Z
Reserved: 2022-12-01T06:39:39.475Z
Link: CVE-2022-4245
NVD Information
Status: Modified
Published: 2023-09-25T20:15:10.400
Modified: 2024-05-03T16:15:08.987
Link: CVE-2022-4245