{"id":"CVE-2019-9658","details":"Checkstyle before 8.18 loads external DTDs by default.","aliases":["GHSA-gp32-7h29-rpxm"],"modified":"2025-11-14T10:03:43.860315Z","published":"2019-03-11T05:29:00.617Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/6bf8bbbca826e883f09ba40bc0d319350e1d6d4cf4df7c9e399b2699%40%3Ccommits.fluo.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9%40%3Cserver-dev.james.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/994221405e940e148adcfd9cb24ffc6700bed70c7820c55a22559d26%40%3Cnotifications.fluo.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/a35a8ccb316d4c2340710f610cba8058e87d5376259b35ef3ed2bf89%40%3Cnotifications.accumulo.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/fff26ee7b59360a0264fef4e8ed9454ef652db2c39f2892a9ea1c9cb%40%3Cnotifications.fluo.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMOPJ2XYE4LB2HM7OMSUBBIYEDUTLWE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEYBAHYAV37WHMOXZYM2ZWF46FHON6YC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJPT54USMGWT3Y6XVXLDEHKRUY2EI4OE/"},{"type":"ADVISORY","url":"https://checkstyle.org/releasenotes.html#Release_8.18"},{"type":"ADVISORY","url":"https://github.com/checkstyle/checkstyle/issues/6474"},{"type":"ADVISORY","url":"https://github.com/checkstyle/checkstyle/issues/6478"},{"type":"ADVISORY","url":"https://github.com/checkstyle/checkstyle/pull/6476"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00029.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkstyle/checkstyle","events":[{"introduced":"0"},{"fixed":"252d29bdb6eb1984e115dc3f77114ec2ec7d10e7"}]}],"versions":["bcel","checkstyle-4.4","checkstyle-5.2","checkstyle-5.3","checkstyle-5.4","checkstyle-5.5","checkstyle-5.6","checkstyle-5.7","checkstyle-5.8","checkstyle-5.9","checkstyle-6.0","checkstyle-6.1","checkstyle-6.1.1","checkstyle-6.10","checkstyle-6.10.1","checkstyle-6.11","checkstyle-6.11.1","checkstyle-6.11.2","checkstyle-6.12","checkstyle-6.12.1","checkstyle-6.13","checkstyle-6.14","checkstyle-6.14.1","checkstyle-6.15","checkstyle-6.16","checkstyle-6.16.1","checkstyle-6.17","checkstyle-6.18","checkstyle-6.19","checkstyle-6.2","checkstyle-6.3","checkstyle-6.4","checkstyle-6.4.1","checkstyle-6.5","checkstyle-6.6","checkstyle-6.7","checkstyle-6.8","checkstyle-6.8.1","checkstyle-6.9","checkstyle-7.0","checkstyle-7.1","checkstyle-7.1.1","checkstyle-7.1.2","checkstyle-7.2","checkstyle-7.3","checkstyle-7.4","checkstyle-7.5","checkstyle-7.5.1","checkstyle-7.6","checkstyle-7.6.1","checkstyle-7.7","checkstyle-7.8","checkstyle-7.8.1","checkstyle-7.8.2","checkstyle-8.0","checkstyle-8.1","checkstyle-8.10","checkstyle-8.10.1","checkstyle-8.11","checkstyle-8.12","checkstyle-8.13","checkstyle-8.14","checkstyle-8.15","checkstyle-8.16","checkstyle-8.17","checkstyle-8.2","checkstyle-8.3","checkstyle-8.4","checkstyle-8.5","checkstyle-8.6","checkstyle-8.7","checkstyle-8.8","checkstyle-8.9","release1_1","release1_2","release1_3","release1_4","release2_0","release2_2","release2_4","release3_0","release3_1","release3_2","release3_3","release3_4","release4_0","release4_0_beta_1","release4_0_beta_2","release4_0_beta_3","release4_0_beta_4","release4_0_beta_5","release4_1","release4_2","release4_3","release4_4","release5_3","release5_4","release5_5","release5_6","release5_7","v2-branch_lmp"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9658.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}