CVE-2014-3643: jersey: XXE via parameter entities
(updated )
jersey: XXE via parameter entities not disabled by the jersey SAX parser
References
- access.redhat.com/security/cve/cve-2014-3643
- bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643
- github.com/advisories/GHSA-5m48-vr54-vmh3
- github.com/javaee/jersey-1.x
- github.com/javaee/jersey-1.x/commit/49f1e5a6ac608ccb51939205e4739f328f2223e6
- nvd.nist.gov/vuln/detail/CVE-2014-3643
- www.oracle.com/security-alerts/cpujul2022.html
- www.sourceclear.com/vulnerability-database/security/xml-external-entity-xxe/java/sid-22175
Code Behaviors & Features
Detect and mitigate CVE-2014-3643 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →