Lucene search
GitHub Advisory DatabaseGHSA-77JG-CPW9-73VGHistoryNov 30, 2023 - 12:30 p.m.
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
2023-11-3012:30:18
CWE-611
GitHub Advisory Database
github.com
8
apache cocoon
xml
external entity
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0.025
Percentile
90.2%
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.
Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Affected configurations
Node
org.apache.cocooncocoonRange2.2.0–2.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.cocoon | cocoon | * | cpe:2.3:a:org.apache.cocoon:cocoon:*:*:*:*:*:*:*:* |
Related
prion
prion
Xxe
2023-11-30 12:15:00
osv
osv
nvd
nvd
CVE-2023-49733
2023-11-30 12:15:09
cve
cve
CVE-2023-49733
2023-11-30 12:15:09
veracode
veracode
XML External Entity (XXE) Injection
2023-12-01 07:06:20
cvelist
cvelist
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0.025
Percentile
90.2%
Related for GHSA-77JG-CPW9-73VG