Security Vulnerability - PlantUML plugin - (XML-Parser Expat - CVE-2022-23852)

Hey SCM-Manager community,

Currently there is a security vulnerability in the XML parser library Expat (libexpat), which unfortunately affects the PlantUML plugin for the SCM-Manager and also the PlantUML Dogu in the Cloudogu EcoSystem (CVE-2022-23852, CVSS 9.8 according to the National Vulnerability Database, severity critical; find more information here). The vulnerability allows attackers to inject and execute malicious code.

To prevent attackers from exploiting this vulnerability, we ask you to:

  • uninstall the PlantUML plugin in SCM-Manager
  • take down the PlantUML Dogu inside the Cloudogu EcoSystem

We will keep you updated here and let you know as soon as there is a fix available.