High severity7.5OSV Advisory· Published Jun 21, 2024· Updated Apr 15, 2026
CVE-2021-47621
CVE-2021-47621
Description
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.github.classgraph:classgraphMaven | < 4.8.112 | 4.8.112 |
Affected products
13- Range: classgraph-4.0.0, classgraph-4.0.0-beta-11, classgraph-4.0.0-beta-12, …
- osv-coords12 versionspkg:apk/chainguard/management-api-for-apache-cassandra-4.0pkg:apk/chainguard/management-api-for-apache-cassandra-4.0-compatpkg:apk/chainguard/management-api-for-apache-cassandra-4.1pkg:apk/chainguard/management-api-for-apache-cassandra-4.1-compatpkg:apk/chainguard/management-api-for-apache-cassandra-5.0pkg:apk/chainguard/management-api-for-apache-cassandra-5.0-compatpkg:apk/chainguard/request-1277pkg:apk/wolfi/management-api-for-apache-cassandra-4.1pkg:apk/wolfi/management-api-for-apache-cassandra-4.1-compatpkg:apk/wolfi/management-api-for-apache-cassandra-5.0pkg:apk/wolfi/management-api-for-apache-cassandra-5.0-compatpkg:maven/io.github.classgraph/classgraph
< 0.1.89-r0+ 11 more
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 4.8.112
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-v2xm-76pq-phcfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-47621ghsaADVISORY
- docs.r3.com/en/platform/corda/4.8/enterprise/release-notes-enterprise.htmlnvdWEB
- github.com/classgraph/classgraph/commit/681362ad6b0b9d9abaffb2e07099ce54d7a41fa3nvdWEB
- github.com/classgraph/classgraph/pull/539nvdWEB
- github.com/classgraph/classgraph/releases/tag/classgraph-4.8.112nvdWEB
News mentions
0No linked articles in our index yet.