CVE-2019-9843: DiffPlug Spotless information disclosure vulnerability

Published: 2019-06-28
Type: CAN
Status: Candidate
Phase: Assigned
Database: HTTPHTTPS

Vulnerability description

DiffPlug Spotless is a code formatting tool. It is mainly used to check and fix code formatting errors. A code issue vulnerability exists in DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin). The vulnerability stems from improper design or implementation during the code development of a network system or product.

In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file.