de.tud.sse:soot-infoflow@2.8 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the de.tud.sse:soot-infoflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • XML External Entity (XXE) Injection (severity: M)

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. An attacker who controls the source/sink definition file in XML format can read files from external locations. Two conditions must both hold: the XML-based format for sources and sinks has to be in use, and the attacker has to be able to control the source/sink definition file.

As a workaround, do not allow untrusted entities to control the source/sink definition file.

How to fix XML External Entity (XXE) Injection?

Upgrade de.tud.sse:soot-infoflow to version 2.9.0 or higher.

Vulnerable versions: [,2.9.0)
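
One way to enforce the workaround above before an XML source/sink definition file reaches the analysis, as an added example that is not soot-infoflow's or Snyk's code: parse the file once with DOCTYPE declarations forbidden and reject it if that parse fails. The class name, method names and sample XML (including its element names) are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

// Added example: pre-flight gate for XML source/sink definition files.
// Class and method names are hypothetical, not part of soot-infoflow.
public class SourceSinkXmlGate {

    /** Returns true only if the XML parses with DOCTYPE declarations forbidden. */
    static boolean isAcceptable(InputStream xml) throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject any <!DOCTYPE ...>; entity definitions cannot exist without one.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case the feature above is ever relaxed.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        try {
            f.newSAXParser().parse(xml, new DefaultHandler());
            return true;
        } catch (SAXException e) {
            // Malformed XML or a forbidden DOCTYPE: treat both as untrusted input.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples; element names are placeholders, not the real schema.
        String plain = "<sinkSources><category id=\"NO_CATEGORY\"/></sinkSources>";
        String withDoctype =
            "<?xml version=\"1.0\"?>\n"
          + "<!DOCTYPE sinkSources [<!ENTITY ext SYSTEM \"file:///placeholder\">]>\n"
          + "<sinkSources><category id=\"&ext;\"/></sinkSources>";
        System.out.println("plain accepted:   " + isAcceptable(stream(plain)));
        System.out.println("doctype accepted: " + isAcceptable(stream(withDoctype)));
    }

    private static InputStream stream(String s) {
        return new ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8));
    }
}
```

The first sample is accepted and the second is rejected at the DOCTYPE declaration, before any entity is resolved. A gate like this supplements the upgrade to 2.9.0 or higher; it does not replace it.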