VYPR

Maven package

org.apache.karaf.specs/org.apache.karaf.specs.java.xml

pkg:maven/org.apache.karaf.specs/org.apache.karaf.specs.java.xml

Vulnerabilities (1)

  • CVE-2018-11788Jan 7, 2019
    affected >= 4.2.0, < 4.2.2fixed 4.2.2

    Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XX