{"url":"http://public2.vulnerablecode.io/api/packages/58284?format=json","purl":"pkg:maven/com.diffplug.spotless/spotless-plugin-maven@1.20.0","type":"maven","namespace":"com.diffplug.spotless","name":"spotless-plugin-maven","version":"1.20.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41138?format=json","vulnerability_id":"VCID-h83r-z7yt-pbhr","summary":"Improper Restriction of XML External Entity Reference\nIn DiffPlug Spotless, the XML parser would resolve external entities over both HTTP and HTTPS and ignores the `resolveExternalEntities` setting. This could allow disclosure of file contents to a MITM attacker, if a victim performs a `spotlessApply` operation on an untrusted XML file.","references":[{"reference_url":"https://github.com/diffplug/spotless/blob/master/plugin-gradle/CHANGES.md#version-3200---march-11th-2018-javadoc-jcenter","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/diffplug/spotless/blob/master/plugin-gradle/CHANGES.md#version-3200---march-11th-2018-javadoc-jcenter"},{"reference_url":"https://github.com/diffplug/spotless/blob/master/plugin-maven/CHANGES.md#version-1200---march-14th-2018-javadoc-jcenter","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/diffplug/spotless/blob/master/plugin-maven/CHANGES.md#version-1200---march-14th-2018-javadoc-jcenter"},{"reference_url":"https://github.com/diffplug/spotless/issues/358","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/diffplug/spotless/issues/358"},{"reference_url":"https://github.com/diffplug/spotless/pull/369","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/diffplug/spotless/pull/369"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9843","reference_id":"CVE-2019-9843","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9843"},{"reference_url":"https://github.com/advisories/GHSA-7v35-qwwj-p98g","reference_id":"GHSA-7v35-qwwj-p98g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7v35-qwwj-p98g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58284?format=json","purl":"pkg:maven/com.diffplug.spotless/spotless-plugin-maven@1.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.diffplug.spotless/spotless-plugin-maven@1.20.0"}],"aliases":["CVE-2019-9843","GHSA-7v35-qwwj-p98g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h83r-z7yt-pbhr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.diffplug.spotless/spotless-plugin-maven@1.20.0"}