Apache Any23 代码问题漏洞

🗓️ 05 Mar 2022 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 2 Views

Apache Any23 before 2.7 has a code issue enabling XML processing interference and file access.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-25312	5 Mar 202200:15	–	attackerkb
BDU FSTEC	The vulnerability in the implementation of the extractor.rdfa.XSLTStylesheet object of the XSLTStylesheet class in the Apache Any23 library allows attackers to perform XXE attacks.	7 Apr 202200:00	–	bdu_fstec
Circl	CVE-2022-25312	5 Mar 202202:27	–	circl
CNVD	Apache Any23 code issue vulnerability	8 Mar 202200:00	–	cnvd
CVE	CVE-2022-25312	4 Mar 202223:25	–	cve
Cvelist	CVE-2022-25312 An XML external entity (XXE) injection vulnerability exists in the Apache Any23 RDFa XSLTStylesheet extractor	4 Mar 202223:25	–	cvelist
EUVD	EUVD-2022-1275	3 Oct 202520:07	–	euvd
Github Security Blog	Improper Restriction of XML External Entity Reference in Any23	6 Mar 202200:00	–	github
NVD	CVE-2022-25312	5 Mar 202200:15	–	nvd
OSV	GHSA-2RMM-87V7-34RJ Improper Restriction of XML External Entity Reference in Any23	6 Mar 202200:00	–	osv

Source	Link
lists	www.lists.apache.org/thread/y6cm5n3ksohsrhzqknqhzy7p3mtkyk23
openwall	www.openwall.com/lists/oss-security/2022/03/04/2
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022030504
cxsecurity	www.cxsecurity.com/cveshow/CVE-2022-25312/

23 May 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 26.4

CVSS 3.19.1

EPSS0.01272

apache any23 xml processing interference server file access external system interaction