Vulnerability

CVE-2024-31573
CVSS Score 9.2 critical

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-669

[CVE-2024-31573] CWE-669: Incorrect Resource Transfer Between Spheres

Description

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.
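For code that must run XSLT transformations through an affected XMLUnit version, one mitigation is to hand XMLUnit a pre-configured TraX factory instead of relying on its default. The following is an added example, not code from the advisory or the XMLUnit project; it assumes `xmlunit-core` is on the classpath, and the class name, sample document and stylesheet are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;
import org.xmlunit.transform.Transformation;

public class HardenedXsltExample {

    /** Builds a TraX factory with secure processing on and external fetches blocked. */
    static TransformerFactory hardenedFactory() throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        // With the JDK's built-in XSLT processor, secure processing
        // disables XSLT extension functions.
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        try {
            // An empty protocol list forbids loading external DTDs and
            // stylesheets referenced via xsl:import / xsl:include / document().
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (IllegalArgumentException e) {
            // Not every TraX implementation recognises these JAXP 1.5 attributes.
            System.err.println("external-access attributes unsupported: " + e.getMessage());
        }
        return tf;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input and stylesheet.
        String xml = "<greeting>hello</greeting>";
        String xslt =
            "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
            + "<xsl:output method='text'/>"
            + "<xsl:template match='/greeting'><xsl:value-of select='.'/></xsl:template>"
            + "</xsl:stylesheet>";

        Transformation t = new Transformation(new StreamSource(new StringReader(xml)));
        t.setStylesheet(new StreamSource(new StringReader(xslt)));
        // Replace XMLUnit's default factory with the hardened one.
        t.setFactory(hardenedFactory());
        System.out.println(t.transformToString());
    }
}
```

How `FEATURE_SECURE_PROCESSING` is honoured depends on the TraX implementation in use, so confirm the behaviour against the processor actually on the classpath.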