Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

Published

2023-09-25T20:15:10.400

Last Modified

2024-11-21T07:34:51.700

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-91
Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	codehaus-plexus	plexus-utils	< 3.0.24	Yes
Application	redhat	integration_camel_k	< 1.10.1	Yes

References

https://access.redhat.com/errata/RHSA-2023:2135 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:3906 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-4245 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2149843 Issue Tracking, Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:2135 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:3906 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2022-4245 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2149843 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)