{"url":"http://public2.vulnerablecode.io/api/packages/55019?format=json","purl":"pkg:maven/org.apache.juddi/juddi-client@3.2","type":"maven","namespace":"org.apache.juddi","name":"juddi-client","version":"3.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.0","latest_non_vulnerable_version":"3.3.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39391?format=json","vulnerability_id":"VCID-81zc-ewfw-sbhx","summary":"Improper Restriction of XML External Entity Reference\nIn Apache jUDDI, if using the `WADL2Java` or `WSDL2Java` classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there is little protection against entity expansion and DTD-type attacks.","references":[{"reference_url":"http://juddi.apache.org/security.html","reference_id":"","reference_type":"","scores":[],"url":"http://juddi.apache.org/security.html"},{"reference_url":"https://issues.apache.org/jira/browse/JUDDI-987","reference_id":"","reference_type":"","scores":[],"url":"https://issues.apache.org/jira/browse/JUDDI-987"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1307","reference_id":"CVE-2018-1307","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1307"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55021?format=json","purl":"pkg:maven/org.apache.juddi/juddi-client@3.3.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.juddi/juddi-client@3.3.5"}],"aliases":["CVE-2018-1307"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81zc-ewfw-sbhx"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.juddi/juddi-client@3.2"}