CVE-2014-125087 — Vulnetix

CVE-2014-125087 PUBLISHED

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

EPSS 0.05% · 14.6th percentile

Risk Scores

EPSS Score

0.05%

14.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	java-xmlbuilder	0, 0.4-2
Ubuntu:25.10	java-xmlbuilder	0, 0.4-3
Ubuntu:18.04:LTS	java-xmlbuilder	0, 0.4-2
Ubuntu:22.04:LTS	java-xmlbuilder	0, 0.4-2.1
Ubuntu:24.04:LTS	java-xmlbuilder	0.4-2.1, 0
Ubuntu:16.04:LTS	java-xmlbuilder	0, 0.4-2

Exploit Intelligence

https://vuldb.com/?id.221480 (circl)
https://vuldb.com/?ctiid.221480 (circl)
https://github.com/jmurty/java-xmlbuilder/commit/e6fddca201790abab4f2c274341c0bb8835c3e73 (circl)
https://github.com/jmurty/java-xmlbuilder/releases/tag/v1.2 (circl)
https://security.netapp.com/advisory/ntap-20240208-0009/ (circl)
https://github.com/jmurty/java-xmlbuilder/issues/6 (nist-nvd)

Timeline

Feb 19, 2023 CVE Published
Feb 20, 2023 EPSS Score
Mar 1, 2023 CVE Updated
Mar 7, 2023 EPSS Score
Apr 1, 2023 EPSS Score
May 10, 2023 EPSS Score
Jun 19, 2023 EPSS Score
Jul 28, 2023 EPSS Score
Sep 6, 2023 EPSS Score
Oct 15, 2023 EPSS Score
Nov 24, 2023 EPSS Score
Jan 2, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2014-125087 third-party-advisory
https://github.com/jmurty/java-xmlbuilder/issues/6 third-party-advisory
https://github.com/jmurty/java-xmlbuilder/releases/tag/v1.2 third-party-advisory
https://github.com/jmurty/java-xmlbuilder/commit/e6fddca201790abab4f2c274341c0bb8835c3e73 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2014-125087 third-party-advisory

Open in Interactive Console →