PT-2022-11751 · Unknown · Onc Code-Validator-Api
Published: 2022-12-29 · Updated: 2024-05-17
CVE-2021-4295
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ONC code-validator-api versions up to 1.0.30
Description
A vulnerability was found in the ONC code-validator-api, affecting the vocabularyValidationConfigurations function of the XML Handler component. The issue leads to an XML external entity reference.
Recommendations
For ONC code-validator-api versions up to 1.0.30, upgrade to version 1.0.31 to address this issue. As a temporary workaround, consider restricting the use of the vocabularyValidationConfigurations function until the patch is applied.
Fix
XXE
Weakness Enumeration
Related Identifiers
Affected Products
Onc Code-Validator-Api