Jan Kowalleck

1 exploit Active since May 2024
CVE-2024-34345 WRITEUP HIGH WRITEUP
CycloneDX JavaScript Library 6.7.0 - XML External Entity Injection via XML Validator
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.
CVSS 8.1