CVE-2024-31573 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4 MEDIUM	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
mitre	CNA	4 MEDIUM				CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Debian Releases

Debian Product

Codename

xmlunit

bookworm	1.6-2 fixed
forky	1.6-2 fixed
bullseye	1.6-2 fixed
sid	1.6-2 fixed
trixie	1.6-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

xmlunit

questing	needs-triage
plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-669 - Incorrect Resource Transfer Between Spheres
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

References

https://github.com/advisories/GHSA-chfm-68vv-pvw5

https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b

https://github.com/xmlunit/xmlunit/issues/264

https://github.com/xmlunit/xmlunit/issues/264