CVE-2022-41967EPSS p41.9%

CVE-2022-41967CVE-2022-41967

hypera / dragonfly

Description

Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions.

Scoring

CVSS 7.0 ()
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS0.56% probability of exploitation · percentile 41.9% · 2026-06-19T12:03:05Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.