CVE-2019-10782

NameCVE-2019-10782
DescriptionAll versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2099-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
checkstyle (PTS)forky, sid, bookworm, bullseye, trixie8.36.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
checkstylesourcejessie5.9-1+deb8u2DLA-2099-1
checkstylesourcestretch(not affected)
checkstylesourcebuster(not affected)
checkstylesource(unstable)8.29-1

Notes

[buster] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)
[stretch] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)
https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266
https://github.com/checkstyle/checkstyle/issues/7468
https://github.com/checkstyle/checkstyle/security/advisories/GHSA-763g-fqq7-48wg
Search for package or bug name: Reporting problems