{"id":"CVE-2020-10992","details":"Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.","modified":"2026-04-10T04:22:06.419089Z","published":"2020-03-27T00:15:11.370Z","references":[{"type":"EVIDENCE","url":"https://github.com/azkaban/azkaban/issues/2478"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/azkaban/azkaban","events":[{"introduced":"0"},{"last_affected":"375e27247c6cecd2c154e6903ab2a3efa5b6943e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.84.0"}]}}],"versions":["2.5.0-rc1","2.5.0-rc2","2.5.0-rc3","2.5.0-rc4","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.7.0","3.0.0","3.1.0","3.10.0","3.11.0","3.12.0","3.13.0","3.14.0","3.15.0","3.16.0","3.17.0","3.18.0","3.19.0","3.2.0","3.20.0","3.21.0","3.22.0","3.23.0","3.24.0","3.25.0","3.25.1","3.26.0","3.27.0","3.28.0","3.29.0","3.3.0","3.30.0","3.31.0","3.32.0","3.32.1","3.33.0","3.34.0","3.35.0","3.36.0","3.37.0","3.38.0","3.39.0","3.39.1","3.4.0","3.4.1","3.40.0","3.41.0","3.42.0","3.43.0","3.44.0","3.45.0","3.45.1","3.45.2","3.46.0","3.47.0","3.47.1","3.47.2","3.48.0","3.49.0","3.5.0","3.50.0","3.50.1","3.50.2","3.51.0","3.51.1","3.51.3","3.51.4","3.52.0","3.53.0","3.54.0","3.55.0","3.56.0","3.57.0","3.58.0","3.59.0","3.6.0","3.60.0","3.61.0","3.62.0","3.64.0","3.65.0","3.66.0","3.67.0","3.68.0","3.69.0","3.7.0","3.70.0","3.70.1","3.71.0","3.71.1","3.72.0","3.72.1","3.73.0","3.73.1","3.73.4","3.74.0","3.74.3","3.74.5","3.74.6","3.74.7","3.75.0","3.75.1","3.75.2","3.76.0","3.77.0","3.78.0","3.78.1","3.79.0","3.8.0","3.80.0","3.80.1","3.81.0","3.81.1","3.81.2","3.81.3","3.81.4","3.82","3.82.0","3.83.0","3.84.0","3.9.0","3.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10992.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}