Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block one more gadget type (org.docx4j.org.apache:xalan-interpretive, CVE-2020-36183) #3003

Closed
cowtowncoder opened this issue Jan 1, 2021 · 1 comment
Closed

Block one more gadget type (org.docx4j.org.apache:xalan-interpretive, CVE-2020-36183) #3003

cowtowncoder opened this issue Jan 1, 2021 · 1 comment
Labels
CVE Issues related to public CVEs (security vuln reports)
Milestone
2.9.10.8

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Jan 1, 2021
edited

Another gadget type(s) reported regarding class(es) of org.docx4j.org.apache:xalan-interpretive library.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): differ (of Zorelworld iLab team)
Mitre id: CVE-2020-36183

Note: derivative of #2469 (embedded Xalan)

Fix is included in:
@cowtowncoder cowtowncoder added to-evaluate Issue that has been received but not yet evaluated CVE Issues related to public CVEs (security vuln reports) and removed to-evaluate Issue that has been received but not yet evaluated labels Jan 1, 2021
cowtowncoder added a commit that referenced this issue Jan 1, 2021
@cowtowncoder
Fixed #3003
12e23c9
@cowtowncoder cowtowncoder added this to the 2.9.10.8 milestone Jan 1, 2021
cowtowncoder added a commit that referenced this issue Jan 2, 2021
@cowtowncoder
Fixed #3003
1cddeaf
cowtowncoder added a commit that referenced this issue Jan 3, 2021
@cowtowncoder
... and fixing reference, fixed #3005, not #3003
972db89
@abergmann
Copy link

CVE-2020-36183 has been assigned to this issue.

@cowtowncoder cowtowncoder changed the title Block one more gadget type (xxx, CVE to be allocated) Block one more gadget type (org.docx4j.org.apache:xalan-interpretive, CVE-2020-36183) Jan 7, 2021
This was referenced Jan 9, 2021
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Jan 10, 2021
Open
Closed
Closed
Open
Open
Closed
@mend-for-github-com mend-for-github-com bot mentioned this issue Jan 13, 2021
Open
This was referenced Mar 12, 2022
Closed
Closed
This was referenced Mar 14, 2022
Open
Open
Open
Closed
This was referenced Mar 14, 2022
Closed
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Mar 22, 2022
Open
This was referenced Mar 31, 2022
Closed
Open
This was referenced May 10, 2022
Open
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue May 31, 2022
Closed
This was referenced May 31, 2022
Closed
Closed
Closed
Closed
@scott-cx scott-cx mentioned this issue Aug 1, 2022
Open
@cxronen cxronen mentioned this issue Sep 20, 2022
Open
@margaritalm margaritalm mentioned this issue Dec 25, 2022
Open
@humkum humkum mentioned this issue Jan 10, 2023
Closed
@cxronen cxronen mentioned this issue Dec 20, 2022
Open
@cxronen cxronen mentioned this issue Feb 17, 2023
Open
@cxronen cxronen mentioned this issue Mar 2, 2023
Open
This was referenced Feb 15, 2023
Open
Open
This was referenced Apr 28, 2023
Open
Open
@cxronen cxronen mentioned this issue May 25, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CVE Issues related to public CVEs (security vuln reports)
Projects
None yet
Milestone
2.9.10.8
Development

No branches or pull requests
2 participants
@cowtowncoder @abergmann