CVE-2024-34345 Information

Description

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In version 6.7.0, XML external entity (XXE) injection was possible when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.

Reference

https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7
https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1063
https://github.com/CycloneDX/cyclonedx-javascript-library/commit/5e5e1e0b9422f47d2de81c7c4064b803a01e7203
