diff --git a/advisories/unreviewed/2022/05/GHSA-5m48-vr54-vmh3/GHSA-5m48-vr54-vmh3.json b/advisories/unreviewed/2022/05/GHSA-5m48-vr54-vmh3/GHSA-5m48-vr54-vmh3.json
index 3f181bd346512..ac9906f113883 100644
--- a/advisories/unreviewed/2022/05/GHSA-5m48-vr54-vmh3/GHSA-5m48-vr54-vmh3.json
+++ b/advisories/unreviewed/2022/05/GHSA-5m48-vr54-vmh3/GHSA-5m48-vr54-vmh3.json
@@ -1,24 +1,49 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-5m48-vr54-vmh3",
- "modified": "2022-07-26T00:01:02Z",
+ "modified": "2023-01-27T05:02:56Z",
 "published": "2022-05-17T19:57:08Z",
 "aliases": [
 "CVE-2014-3643"
 ],
+ "summary": "jersey: XXE via parameter entities",
 "details": "jersey: XXE via parameter entities not disabled by the jersey SAX parser",
 "severity": [
 {
 "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "com.sun.jersey:jersey-core"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.13"
+ }
+ ]
+ }
+ ]
 }
 ],
- "affected": [],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3643"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/javaee/jersey-1.x/commit/49f1e5a6ac608ccb51939205e4739f328f2223e6"
+ },
 {
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/cve-2014-3643"
@@ -27,9 +52,17 @@
 "type": "WEB",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643"
 },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/javaee/jersey-1.x"
+ },
 {
 "type": "WEB",
 "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.sourceclear.com/vulnerability-database/security/xml-external-entity-xxe/java/sid-22175"
 }
 ],
 "database_specific": {
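Review bot: The new `score` line in the first hunk moves the vector from `PR:N` / `I:N` to `PR:L` / `I:H`, but the `summary` and `details` describe only an XXE through parameter entities, which on its face is a disclosure problem, and nothing visible in the hunk explains the integrity or privilege change. Tooling that gates on CVSS will re-rank this advisory, so the vector should be checked against the NVD entry already listed as the `ADVISORY` reference and the rationale recorded in the commit description. The new `affected` entry (`"introduced": "0"`, `"fixed": "1.13"`) names only `com.sun.jersey:jersey-core`; whether other Jersey 1.x artifacts repackage the same SAX parser code, and would therefore need their own entries, cannot be judged from this hunk and is worth confirming against the linked fix commit.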