Vulnerability	Vulnerable Version
H XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. When Apache Ivy parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. How to fix XML External Entity (XXE) Injection? Upgrade `org.apache.ivy:ivy` to version 2.5.2 or higher.	[,2.5.2)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. When Apache Ivy parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.

This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.

How to fix XML External Entity (XXE) Injection?

Upgrade org.apache.ivy:ivy to version 2.5.2 or higher.

[,2.5.2)

Go back to all versions of this package