CVE-2021-47621 – XML External Entity (XXE)

Severity: None

2025-12-19


Abstract

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.

The Oxygen products incorporate ClassGraph (io.github.classgraph:classgraph) as a third‑party library. This advisory was opened to address the potential impact of this third‑party library vulnerability.

Affected Products/Versions

Product | Severity | Fixed Release Availability
Oxygen Feedback v5.2.1 and older | None | Oxygen Feedback 5.2.3 build 2025071110

Mitigation

None

Detail

CVE-2021-47621

Severity: High

CVSS Score: 7.5

ClassGraph prior to 4.8.112 is susceptible to XML External Entity (XXE) issues. If attacker‑controlled XML is parsed by the library with external entity resolution enabled, it could lead to unintended file disclosure or outbound network requests under the application’s privileges.

We reviewed how this library is used in our code and confirmed no user‑controlled XML is parsed through ClassGraph. On that basis, our product is not exploitable via this issue.

We updated the dependency to a non-vulnerable version in Oxygen Feedback 5.2.3 build 2025071110.
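To check other builds for the affected library, the following added example (not part of the original advisory or of any Oxygen code) flags io.github.classgraph:classgraph versions before 4.8.112 in `mvn dependency:list` output. The sample report is constructed and the function names are hypothetical.

```python
import re

ARTIFACT = "io.github.classgraph:classgraph"  # coordinate named in the advisory
FIXED = (4, 8, 112)                           # first non-vulnerable version per the advisory

# Constructed sample in the line format printed by `mvn dependency:list`.
SAMPLE = """\
[INFO]    io.github.classgraph:classgraph:jar:4.8.90:compile
[INFO]    org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO]    io.github.classgraph:classgraph:jar:4.8.112:runtime
[INFO]    io.github.classgraph:classgraph:jar:4.8.111-SNAPSHOT:test
"""

def parse_line(line):
    """Return (group:artifact, version) from one report line, or None."""
    for token in line.split():
        parts = token.split(":")
        # group:artifact:type:version:scope, optionally with a classifier
        if len(parts) in (5, 6):
            return f"{parts[0]}:{parts[1]}", parts[-2]
    return None

def version_tuple(version):
    """Leading numeric components padded to three; qualifiers are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return None
    nums = [int(n) for n in m.group().split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(report):
    """List (version, status) for every ClassGraph entry in the report."""
    findings = []
    for line in report.splitlines():
        parsed = parse_line(line)
        if not parsed or parsed[0] != ARTIFACT:
            continue
        vt = version_tuple(parsed[1])
        # An unparseable version is sent to manual review, not assumed safe.
        status = "review" if vt is None else ("vulnerable" if vt < FIXED else "fixed")
        findings.append((parsed[1], status))
    return findings

if __name__ == "__main__":
    for version, status in audit(SAMPLE):
        print(f"{ARTIFACT}:{version} -> {status}")
```

Copies of ClassGraph that are shaded or repackaged inside another JAR do not appear in this report and need a separate check.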
