CVE-2024-34345

Description

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.

Affected Software
References

Software	From	Fixed in
@cyclonedx / cyclonedx-library	6.7.0	6.7.0.x
@cyclonedx / cyclonedx-library	6.7.0	6.7.1

https://github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203
https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1063
https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7

CVE-2024-34345

Description

Details

CVSS v3

CWEs

OWASP TOP 10