Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DiffPlug Spotless 代码问题漏洞
Vulnerability Description
DiffPlug Spotless是一款代码格式化工具。该工具主要用于检查和修复代码格式错误。 DiffPlug Spotless 1.20.0之前版本(library和Maven插件)和3.20.0之前版本(Gradle插件)中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
CVSS Information
N/A
Vulnerability Type
N/A