High severity · 8.1 · NVD Advisory · Published Feb 9, 2018 · Updated Jun 17, 2026
CVE-2018-1307
Description
In Apache jUDDI 3.2 through 3.3.4, the WADL2Java and WSDL2Java classes parse a local or remote XML document and then mediate the data structures into UDDI data structures. When these classes are used, there is little protection against entity expansion and DTD-type attacks. Mitigation is to use 3.3.5.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.juddi:juddi-client (Maven) | >= 3.2, < 3.3.5 | 3.3.5 |
Affected products
- Apache Software Foundation/Apache jUDDI · Range: 3.2 to 3.3.4
References
- issues.apache.org/jira/browse/JUDDI-987 (nvd · Issue Tracking · Patch · Vendor Advisory · WEB)
- juddi.apache.org/security.html (nvd · Vendor Advisory · WEB)
- github.com/advisories/GHSA-p99p-726h-c8v5 (ghsa · ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-1307 (ghsa · ADVISORY)