CVE-2019-9628

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

Published : 2019-04-11 20:29 Updated : 2019-05-10 19:32

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Xmltooling Project Xmltooling 1.5.4 cpe:/a:xmltooling_project:xmltooling:1.5.4
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Canonical Ubuntu Linux 18.10 cpe:/o:canonical:ubuntu_linux:18.10
Opensuse Leap 15.0 cpe:/o:opensuse:leap:15.0
Opensuse Leap 42.3 cpe:/o:opensuse:leap:42.3
  1. Xmltooling Project (1) Search CVE
    1. Xmltooling (1) Search CVE
      1. 1.5.4
  2. Canonical (1) Search CVE
    1. Ubuntu Linux (4) Search CVE
      1. 14.04
      2. 16.04
      3. 18.04
      4. 18.10
  3. Opensuse (1) Search CVE
    1. Leap (2) Search CVE
      1. 15.0
      2. 42.3

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes