{"id":"CVE-2019-5748","details":"In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.","modified":"2026-04-11T17:54:08.470682Z","published":"2019-01-09T17:29:00.293Z","references":[{"type":"ADVISORY","url":"https://www.traccar.org/blog/"},{"type":"FIX","url":"https://github.com/traccar/traccar/commit/d7f6c53fd88635885914013649b6807ec53227bf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/traccar/traccar","events":[{"introduced":"0"},{"last_affected":"25b6d4fe524f41ae9a37d7b57a2c4f0e8e1dfa25"},{"fixed":"d7f6c53fd88635885914013649b6807ec53227bf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.2"}]}}],"versions":["v2.0","v2.1","v2.10","v2.11","v2.12","v2.2","v2.3","v2.4","v2.5","v2.6","v2.7","v2.8","v2.9","v3.0","v3.1","v3.10","v3.11","v3.12","v3.13","v3.14","v3.15","v3.16","v3.17","v3.2","v3.4","v3.5","v3.6","v3.7","v3.8","v3.9","v4.0","v4.1","v4.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5748.json","vanir_signatures_modified":"2026-04-11T17:54:08Z","vanir_signatures":[{"id":"CVE-2019-5748-bd546df7","signature_type":"Line","source":"https://github.com/traccar/traccar/commit/d7f6c53fd88635885914013649b6807ec53227bf","signature_version":"v1","deprecated":false,"target":{"file":"src/org/traccar/protocol/SpotProtocolDecoder.java"},"digest":{"line_hashes":["64744398024010156530414990151867324035","103094106067725634274456181224152056068","137370831289664590268145846107581954716","290240703078587816964598778996448964437","101689998601590319437863611412017325679"],"threshold":0.9}},{"id":"CVE-2019-5748-e794ca27","signature_type":"Function","source":"https://github.com/traccar/traccar/commit/d7f6c53fd88635885914013649b6807ec53227bf","signature_version":"v1","deprecated":false,"target":{"function":"SpotProtocolDecoder","file":"src/org/traccar/protocol/SpotProtocolDecoder.java"},"digest":{"function_hash":"244839823815014023820227176207891796806","length":346}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}