Lucene search

MitreCVE-2021-47621

HistoryJun 21, 2024 - 6:15 a.m.

CVE-2021-47621

2024-06-2106:15:10

CWE-611

mitre

web.nvd.nist.gov

classgraph

version 4.8.112

xml external entity

xxe

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.

References

docs.r3.com/en/platform/corda/4.8/enterprise/release-notes-enterprise.html

github.com/classgraph/classgraph/commit/681362ad6b0b9d9abaffb2e07099ce54d7a41fa3

github.com/classgraph/classgraph/pull/539

github.com/classgraph/classgraph/releases/tag/classgraph-4.8.112

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

18.8%

JSON

Related for CVE-2021-47621