VulnerableCode Package Details - pkg:rpm/redhat/eap8-jgroups@1:5.3.21-1.Final_redhat

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/eap8-jgroups@1:5.3.21-1.Final_redhat_00001.1?arch=el9eap

purl	pkg:rpm/redhat/eap8-jgroups@1:5.3.21-1.Final_redhat_00001.1?arch=el9eap

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-qh9g-f6d2-zkeg Aliases: CVE-2025-4949 GHSA-vrpq-qp53-qv56	Eclipse JGit XML External Entity (XXE) Vulnerability In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:40:01.116899+00:00	RedHat Importer	Affected by	VCID-qh9g-f6d2-zkeg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4949.json	38.0.0