CVE-2022-4245

CWE-91 CWE-611 — XML External Entity (XXE)7 documents6 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 81.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codehaus-plexus Plexus-utils Redhat Integration Camel K

Timeline

PublishedSep 25

Description

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDcodehaus-plexus/plexus-utils< 3.0.24

▶Mavenorg.codehaus.plexus:plexus-utils< 3.0.24

▶Debianplexus-utils2< 3.0.24-1+3

▶NVDredhat/integration_camel_k< 1.10.1

🔴Vulnerability Details

OSV

CVE-2022-4245: A flaw was found in codehaus-plexus↗2023-09-25

▶

OSV

codehaus-plexus vulnerable to XML injection↗2023-09-25

▶

CVEList

Codehaus-plexus: xml external entity (xxe) injection↗2023-09-25

▶

GHSA

codehaus-plexus vulnerable to XML injection↗2023-09-25

▶

📋Vendor Advisories

Red Hat

codehaus-plexus: XML External Entity (XXE) Injection↗2022-12-01

▶

Debian

CVE-2022-4245: plexus-utils2 - A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterU...↗2022

▶