CVE-2024-31573

Medium CVSS: 4.0

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

Vendor

Product

CWE

CWE-669

Yayın Tarihi

2025-10-17 19:15:36

Güncelleme

2025-10-21 19:31:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-669 MEDIUM 2025

Referanslar

https://github.com/advisories/GHSA-chfm-68vv-pvw5 https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b https://github.com/xmlunit/xmlunit/issues/264 https://github.com/xmlunit/xmlunit/issues/264