CVE-2024-31573

Medium

Description

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

References

https://github.com/advisories/GHSA-chfm-68vv-pvw5

https://github.com/xmlunit/xmlunit/issues/264

https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b

Details

Source: Mitre, NVD

Published: 2025-10-17

Updated: 2025-10-21

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 4

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00012