CVE-2022-0839

CRITICAL

liquibase < 4.8.0 - XML External Entity Injection

Title source: llm

Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.

Core 4

Core References

Exploit, Patch, Third Party Advisory x_refsource_confirm

Patch x_refsource_misc

Patch, Third Party Advisory x_refsource_misc

Mailing List

CVSS v3 9.8

EPSS 0.0010

EPSS Percentile 27.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-611

Status published

Products (3)

liquibase/liquibase < 4.8.0

oracle/sqlcl 19c

org.liquibase/liquibase-core 0 - 4.8.0Maven

Published Mar 04, 2022

Tracked Since Feb 18, 2026