CVE-2024-55887 – Ucum-Java XML External Entity Injection Vulnerability

12月 13, 2024
5:16 pm

CVE ID : CVE-2024-55887

Published : Dec. 13, 2024, 4:15 p.m. | 1 hour ago

Description : Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. Release 1.0.9 of Ucum-java fixes this vulnerability. As a workaround, ensure that the source xml for instantiating UcumEssenceService is trusted.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-55887 – Ucum-Java XML External Entity Injection Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12949 – Code-projects Travel Management System SQL Injection Vulnerability

CVE-2024-12950 – Adobe Code-Projects Travel Management System SQL Injection Vulnerability

CVE-2024-47148 – Honor Privilege Assignment Vulnerability

CVE-2024-47153 – Honor Information Leak Vulnerability

CVE-2024-47154 – Honor Information Leak Vulnerability

CVE-2024-47155 – Honor Information Leak Vulnerability

CVE-2024-55887 – Ucum-Java XML External Entity Injection Vulnerability

CVE-2024-55887 – Ucum-Java XML External Entity Injection Vulnerability