Your submission was sent successfully! Close

CVE-2019-13990

Published: 26 July 2019

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
libquartz-java
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
libquartz2-java
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Not vulnerable
(2.3.0-3)
hirsute Not vulnerable
(2.3.0-3)
impish Not vulnerable
(2.3.0-3)
jammy Not vulnerable
(2.3.0-3)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist