Lucene search

[email protected]CVE-2016-15026

HistoryFeb 20, 2023 - 11:15 a.m.

CVE-2016-15026

2023-02-2011:15:12

CWE-611

[email protected]

web.nvd.nist.gov

vulnerability

3breadt dd-plist

xml external entity reference

local attack

cve-2016-15026

nvd

4.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.6%

JSON

A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The patch is identified as 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability.

Affected configurations

Vulners

NVD

Node

3breadtdd-plistMatch1.17

CPENameOperatorVersion
dd-plist_project:dd-plistdd-plist project dd-plistlt1.18

CPE	Name	Operator	Version
dd-plist_project:dd-plist	dd-plist project dd-plist	lt	1.18

CNA Affected

[
  {
    "vendor": "3breadt",
    "product": "dd-plist",
    "versions": [
      {
        "version": "1.17",
        "status": "affected"
      }
    ]
  }
]