CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-7722

PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 62.9%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

Products affected by CVE-2019-7722

Pmd Project » Pmd » Version: 4.0.0

cpe:2.3:a:pmd_project:pmd:4.0.0
Pmd Project » Pmd » Version: 4.0.1

cpe:2.3:a:pmd_project:pmd:4.0.1
Pmd Project » Pmd » Version: 4.0.2

cpe:2.3:a:pmd_project:pmd:4.0.2
Pmd Project » Pmd » Version: 4.3.0

cpe:2.3:a:pmd_project:pmd:4.3.0
Pmd Project » Pmd » Version: 5.0.0

cpe:2.3:a:pmd_project:pmd:5.0.0
Pmd Project » Pmd » Version: 5.0.1

cpe:2.3:a:pmd_project:pmd:5.0.1
Pmd Project » Pmd » Version: 5.0.2

cpe:2.3:a:pmd_project:pmd:5.0.2
Pmd Project » Pmd » Version: 5.0.3

cpe:2.3:a:pmd_project:pmd:5.0.3
Pmd Project » Pmd » Version: 5.0.4

cpe:2.3:a:pmd_project:pmd:5.0.4
Pmd Project » Pmd » Version: 5.0.5

cpe:2.3:a:pmd_project:pmd:5.0.5
Pmd Project » Pmd » Version: 5.1.0

cpe:2.3:a:pmd_project:pmd:5.1.0
Pmd Project » Pmd » Version: 5.1.1

cpe:2.3:a:pmd_project:pmd:5.1.1
Pmd Project » Pmd » Version: 5.1.2

cpe:2.3:a:pmd_project:pmd:5.1.2
Pmd Project » Pmd » Version: 5.1.3

cpe:2.3:a:pmd_project:pmd:5.1.3
Pmd Project » Pmd » Version: 5.2.0

cpe:2.3:a:pmd_project:pmd:5.2.0
Pmd Project » Pmd » Version: 5.2.1

cpe:2.3:a:pmd_project:pmd:5.2.1
Pmd Project » Pmd » Version: 5.2.2

cpe:2.3:a:pmd_project:pmd:5.2.2
Pmd Project » Pmd » Version: 5.2.3

cpe:2.3:a:pmd_project:pmd:5.2.3
Pmd Project » Pmd » Version: 5.3.0

cpe:2.3:a:pmd_project:pmd:5.3.0
Pmd Project » Pmd » Version: 5.3.1

cpe:2.3:a:pmd_project:pmd:5.3.1
Pmd Project » Pmd » Version: 5.3.2

cpe:2.3:a:pmd_project:pmd:5.3.2
Pmd Project » Pmd » Version: 5.3.3

cpe:2.3:a:pmd_project:pmd:5.3.3
Pmd Project » Pmd » Version: 5.3.4

cpe:2.3:a:pmd_project:pmd:5.3.4
Pmd Project » Pmd » Version: 5.3.5

cpe:2.3:a:pmd_project:pmd:5.3.5
Pmd Project » Pmd » Version: 5.3.6

cpe:2.3:a:pmd_project:pmd:5.3.6
Pmd Project » Pmd » Version: 5.3.7

cpe:2.3:a:pmd_project:pmd:5.3.7
Pmd Project » Pmd » Version: 5.3.8

cpe:2.3:a:pmd_project:pmd:5.3.8
Pmd Project » Pmd » Version: 5.4.0

cpe:2.3:a:pmd_project:pmd:5.4.0
Pmd Project » Pmd » Version: 5.4.1

cpe:2.3:a:pmd_project:pmd:5.4.1
Pmd Project » Pmd » Version: 5.4.2

cpe:2.3:a:pmd_project:pmd:5.4.2
Pmd Project » Pmd » Version: 5.4.3

cpe:2.3:a:pmd_project:pmd:5.4.3
Pmd Project » Pmd » Version: 5.4.4

cpe:2.3:a:pmd_project:pmd:5.4.4
Pmd Project » Pmd » Version: 5.4.5

cpe:2.3:a:pmd_project:pmd:5.4.5
Pmd Project » Pmd » Version: 5.4.6

cpe:2.3:a:pmd_project:pmd:5.4.6
Pmd Project » Pmd » Version: 5.5.0

cpe:2.3:a:pmd_project:pmd:5.5.0
Pmd Project » Pmd » Version: 5.5.1

cpe:2.3:a:pmd_project:pmd:5.5.1
Pmd Project » Pmd » Version: 5.5.2

cpe:2.3:a:pmd_project:pmd:5.5.2
Pmd Project » Pmd » Version: 5.5.3

cpe:2.3:a:pmd_project:pmd:5.5.3
Pmd Project » Pmd » Version: 5.5.4

cpe:2.3:a:pmd_project:pmd:5.5.4
Pmd Project » Pmd » Version: 5.5.5

cpe:2.3:a:pmd_project:pmd:5.5.5
Pmd Project » Pmd » Version: 5.5.6

cpe:2.3:a:pmd_project:pmd:5.5.6
Pmd Project » Pmd » Version: 5.5.7

cpe:2.3:a:pmd_project:pmd:5.5.7
Pmd Project » Pmd » Version: 5.6.0

cpe:2.3:a:pmd_project:pmd:5.6.0
Pmd Project » Pmd » Version: 5.6.1

cpe:2.3:a:pmd_project:pmd:5.6.1
Pmd Project » Pmd » Version: 5.7.0

cpe:2.3:a:pmd_project:pmd:5.7.0
Pmd Project » Pmd » Version: 5.8.0

cpe:2.3:a:pmd_project:pmd:5.8.0
Pmd Project » Pmd » Version: 5.8.1

cpe:2.3:a:pmd_project:pmd:5.8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-7722

Products

Pricing

Contact Us