CVE-2019-7722

Name of the Vulnerable Software and Affected Versions PMD versions 5.8.1 and earlier

Description The issue allows attackers to tamper with XML external entities in ruleset files, potentially leading to information disclosure, denial of service, or request forgery attacks. This can be achieved through direct modification or man-in-the-middle (MITM) attacks when using remote rulesets.

Recommendations For PMD versions 5.8.1 and earlier, update to a version that incorporates the changes made on 2017-09-15, which are included in PMD 6.x.