{"id":"CVE-2019-10782","details":"All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.","aliases":["GHSA-763g-fqq7-48wg","SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266"],"modified":"2026-05-28T04:04:55.328208084Z","published":"2020-01-30T23:15:10.093Z","database_specific":{},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00008.html"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkstyle/checkstyle","events":[{"introduced":"0"},{"fixed":"8933d03c910f8c6243795bc744fbbd0eaed0eb23"}],"database_specific":{"cpe":"cpe:2.3:a:checkstyle:checkstyle:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"8.29"}]}}],"versions":["checkstyle-8.28","checkstyle-8.27","checkstyle-8.26","checkstyle-8.25","checkstyle-8.24","checkstyle-8.23","checkstyle-8.22","checkstyle-8.21","checkstyle-8.20","checkstyle-8.19","checkstyle-8.18","checkstyle-8.17","checkstyle-8.16","checkstyle-8.15","checkstyle-8.14","checkstyle-8.13","checkstyle-8.12","checkstyle-8.11","checkstyle-5.7","checkstyle-5.6","checkstyle-5.5","checkstyle-5.4","checkstyle-5.3","checkstyle-5.2","checkstyle-4.4","checkstyle-8.10.1","checkstyle-8.10","checkstyle-8.9","checkstyle-8.8","checkstyle-8.7","checkstyle-8.6","checkstyle-8.5","checkstyle-8.4","checkstyle-8.3","checkstyle-8.2","checkstyle-8.1","checkstyle-8.0","checkstyle-7.8.2","checkstyle-7.8.1","checkstyle-7.8","checkstyle-7.7","checkstyle-7.6.1","checkstyle-7.6","checkstyle-7.5.1","checkstyle-7.5","checkstyle-7.4","checkstyle-7.3","checkstyle-7.2","checkstyle-7.1.2","checkstyle-7.1.1","checkstyle-7.1","checkstyle-7.0","checkstyle-6.19","checkstyle-6.18","checkstyle-6.17","checkstyle-6.16.1","checkstyle-6.16","checkstyle-6.15","checkstyle-6.14.1","checkstyle-6.14","checkstyle-6.13","checkstyle-6.12.1","checkstyle-6.12","checkstyle-6.11.2","checkstyle-6.11.1","checkstyle-6.11","checkstyle-6.10.1","checkstyle-6.10","checkstyle-6.9","checkstyle-6.8.1","checkstyle-6.8","checkstyle-6.7","checkstyle-6.6","checkstyle-6.5","checkstyle-6.4.1","checkstyle-6.4","checkstyle-6.3","checkstyle-6.2","checkstyle-6.1.1","checkstyle-6.1","checkstyle-6.0","checkstyle-5.9","checkstyle-5.8","release5_7","release5_6","release5_5","release5_4","release5_3","release4_4","release4_3","release4_2","release4_1","release4_0","release4_0_beta_5","release4_0_beta_4","release4_0_beta_3","release4_0_beta_2","release4_0_beta_1","v2-branch_lmp","release3_4","release3_3","release3_2","release3_1","release3_0","release2_4","bcel","release2_2","release2_0","release1_4","release1_3","release1_2","release1_1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10782.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}