Every CVE whose affected-product data names Apache Ivy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-37865 — CVSS 9.1 (critical): With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used…
CVE-2022-46751 — CVSS 8.2 (high): Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software…
CVE-2022-37866 — CVSS 7.5 (high): When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may…