VulnerableCode Package Details - pkg:rpm/redhat/org.optaweb.employeerostering-optaweb-employee@rostering-8.13.0?arch=Final_redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-2upq-2rss-aaag Aliases: CVE-2022-4245 GHSA-jcwr-x25h-x5fh	A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.	There are no reported fixed by versions.
VCID-6367-jty3-aaak Aliases: CVE-2022-3782 GHSA-g8q8-fggx-9r3q GMS-2022-8407	Keycloak vulnerable to path traversal via double URL encoding	There are no reported fixed by versions.
VCID-a1bm-5n1u-aaaj Aliases: CVE-2022-42889 GHSA-599f-7c49-w659	Arbitrary code execution in Apache Commons Text	There are no reported fixed by versions.
VCID-f6a4-nmup-aaaq Aliases: CVE-2023-1108 GHSA-m4mm-pg93-fv78	A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.	There are no reported fixed by versions.
VCID-gqhw-ngh8-aaap Aliases: CVE-2022-42004 GHSA-rgv9-q543-rqg4	Deserialization of Untrusted Data in FasterXML jackson-databind	There are no reported fixed by versions.
VCID-shw4-mwht-aaan Aliases: CVE-2022-46364 GHSA-x3x3-qwjq-8gj4	Apache CXF Server-Side Request Forgery vulnerability	There are no reported fixed by versions.
VCID-t7e4-g3fr-aaan Aliases: CVE-2022-42003 GHSA-jjjh-jjxp-wpff	Deserialization of Untrusted Data in FasterXML jackson-databind	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2upq-2rss-aaag
Aliases:
CVE-2022-4245
GHSA-jcwr-x25h-x5fh

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.