CVE-2023-38693 RCE in Lucee REST endpoint

🗓️ 05 Mar 2025 15:37:55Reported by GitHub_MType

Lucee REST endpoint has RCE vulnerability fixed in recent versions due to XML XXE attack.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-38693	5 Mar 202518:37	–	circl
CNNVD	Lucee 代码问题漏洞	5 Mar 202500:00	–	cnnvd
CVE	CVE-2023-38693	5 Mar 202515:37	–	cve
EUVD	EUVD-2023-42476	3 Oct 202520:07	–	euvd
Github Security Blog	Lucee RCE/XXE Vulnerability	5 Mar 202518:31	–	github
NVD	CVE-2023-38693	5 Mar 202516:15	–	nvd
OSV	CVE-2023-38693 RCE in Lucee REST endpoint	5 Mar 202515:37	–	osv
OSV	GHSA-VWJX-MMWM-PWRF Lucee RCE/XXE Vulnerability	5 Mar 202518:31	–	osv
RedhatCVE	CVE-2023-38693	7 Mar 202515:41	–	redhatcve
Snyk	XML External Entity (XXE) Injection	5 Mar 202518:31	–	snyk

[
  {
    "vendor": "lucee",
    "product": "Lucee",
    "versions": [
      {
        "version": ">= 5.4.0.0, < 5.4.3.2",
        "status": "affected"
      },
      {
        "version": ">= 5.3.12.0, < 5.3.12.1",
        "status": "affected"
      },
      {
        "version": "< 5.3.7.59",
        "status": "affected"
      },
      {
        "version": ">= 5.3.8.0, < 5.3.8.236",
        "status": "affected"
      },
      {
        "version": ">= 5.3.9.0, < 5.3.9.173",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/lucee/Lucee/security/advisories/GHSA-vwjx-mmwm-pwrf

05 Mar 2025 15:37Current

CVSS 3.19.8

EPSS0.00294

CWE-611

cve-2023-38693 lucee rest endpoint rce vulnerability xml xxe attack fixes