CVE-2022-0272

Vulnerable Component Details
Type Namespace Name Version Package URL
maven io.gitlab.arturbosch.detekt detekt-core 1.7.4 pkg:maven/io.gitlab.arturbosch.detekt/detekt-core@1.7.4?type=jar
Vulnerability Details
ID CVE-2022-0272
Description Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.
Recommendation . || State: fixed | Fix Versions: 1.20.0
Ratings
Severity Score Method Vector Source
7.3 CVSSv3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L ghsa
7.5 CVSSv2 AV:N/AC:L/Au:N/C:P/I:P/A:P nvd
9.8 CVSSv31 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H nvd
Related Vulnerabilities
Found By Anchore Grype , Aquasec Trivy
References / Advisories
Weakness Enumeration