Eclipse JGit 6.5.0.202303070854

CPE Details

Eclipse JGit 6.5.0.202303070854
eclipse
jgit
6.5.0.202303070854
2023-09-15
14h45 +00:00
2023-09-15
14h45 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:eclipse:jgit:6.5.0.202303070854:*:*:*:*:*:*:*

Informations

Vendor

eclipse

Product

jgit

Version

6.5.0.202303070854

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-4949 2025-05-21 06h47 +00:00 In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.
6.8
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.