Lucene search
GitHub Advisory DatabaseGHSA-HQW5-62GP-RQGMHistoryMay 17, 2022 - 3:46 a.m.
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting
2022-05-1703:46:06
CWE-200
GitHub Advisory Database
github.com
7
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.1%
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Affected configurations
Node
org.directwebremoting\Matchdwr
ORorg.directwebremoting\Matchdwr
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.directwebremoting:dwr | le | 3.0.RC2 | |
| org.directwebremoting:dwr | lt | 2.0.11 |
Related
jvn
jvn
prion
prion
Xxe
2014-11-24 02:59:00
nvd
nvd
CVE-2014-5325
2014-11-24 02:59:01
cvelist
cvelist
CVE-2014-5325
2014-11-24 02:00:00
cve
cve
CVE-2014-5325
2014-11-24 02:59:01
osv
osv
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
71.1%
Related for GHSA-HQW5-62GP-RQGM