Advisories ยป MGASA-2021-0133

Updated quartz packages fix a security vulnerability

Publication date: 14 Mar 2021
Modification date: 14 Mar 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-13990

Description

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz
Scheduler through 2.3.0 allows XXE attacks via a job description
(CVE-2019-13990).
                

References

SRPMS

7/core