← back
CVE-2024-31573

CVE-2024-31573

CVSS 4 MEDIUMEPSS 0.2%CWE-669
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4EPSS 0.2%KEV nãoPoC Patch
Lifecycle
Oct 17, 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
XMLUnit · XMLUnit for Java

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/advisories/GHSA-chfm-68vv-pvw5https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15bhttps://github.com/xmlunit/xmlunit/issues/264