org.apache.ivy:ivy@2.3.0 vulnerabilities
-
latest version
2.5.2
-
latest non vulnerable version
-
first published
17 years ago
-
latest version published
10 months ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.ivy:ivy package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. When Apache Ivy parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. How to fix XML External Entity (XXE) Injection? Upgrade |
[,2.5.2)
|
Affected versions of this package are vulnerable to Directory Traversal in the How to fix Directory Traversal? Upgrade |
[2.0.0,2.5.1)
|