VDB
CVE-2022-0839
CVE-2022-0839
PUBLISHED
CVSS 7.300000190734863 HIGH
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.
EPSS 0.10% · 27.8th percentile
Risk Scores
CVSS 3.0
7.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.10%
27.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| liquibase | liquibase | 0 |
| liquibase | liquibase/liquibase | unspecified |
| oracle | sqlcl | * |
| Maven | org.liquibase:liquibase-core | 0 |
Exploit Intelligence
Timeline
- Mar 4, 2022 CVE Published
- Mar 5, 2022 EPSS Score
- Apr 26, 2022 EPSS Score
- Jun 16, 2022 EPSS Score
- Aug 8, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Jan 10, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
- Jun 13, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
References
- https://huntr.dev/bounties/f1ae5779-b406-4594-a8a3-d089c68d6e70 url
- https://github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381 url
- https://www.oracle.com/security-alerts/cpujul2022.html url
- http://seclists.org/fulldisclosure/2025/Apr/14 url
- https://www.oracle.com/security-alerts/cpujul2022.html#AppendixDB advisory
- https://www.oracle.com/security-alerts/cpujul2022verbose.html#DB advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-0839 advisory
- https://github.com/liquibase/liquibase package