de.tud.sse:soot-infoflow@2.8 vulnerabilities
-
latest version
2.9.0
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
3 years ago
-
licenses detected
- [2.7.1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the de.tud.sse:soot-infoflow package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. This allows an attacker who has control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based format for sources and sinks has to be used and the attacker has to able control the source/sink definition file. As a workaround, do not allow untrusted entities to control the source/sink definition file. How to fix XML External Entity (XXE) Injection? Upgrade |
[,2.9.0)
|