QwikSec

Security Database

CVE

CWE

Training

CVE-2019-13990

Published: Jul 26, 2019

Modified: Oct 15, 2024

PUBLISHED

Description

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[tomee-dev] 20190830 Re: Quartz CVE-2019-13990

mailing-list

[tomee-dev] 20190830 Quartz CVE-2019-13990

mailing-list

[tomee-dev] 20190908 Re: Quartz CVE-2019-13990

mailing-list

[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml

mailing-list

[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4

mailing-list

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://github.com/quartz-scheduler/quartz/issues/467

[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990

mailing-list

[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990

mailing-list

[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990

mailing-list

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20221028-0002/

https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.