Maven package
org.bedework/bw-webdav
pkg:maven/org.bedework/bw-webdav
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-20000 | — | >= 4.0.1, < 4.0.3 | 4.0.3 | Dec 10, 2018 | Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. |
- CVE-2018-20000Dec 10, 2018affected >= 4.0.1, < 4.0.3fixed 4.0.3
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.