XML-Parser Expat (CVE-2022-23852)

Posted on 2022-02-02 by Eduard Heimbuch

Hey SCM-Manager Community,

You may have heard about a new vulnerability in Expat that is likely as dangerous as Log4Shell.

SCM-Manager is only affected if you have the PlantUML-Plugin installed. We highly recommend uninstalling this plugin until we can provide a fixed version. If your SCM-Manager is running inside the Cloudogu Ecosystem, you also need to take down the PlantUML Dogu.

Also find the related forum post here.

Posted in scm-manager, security