CVE-2018-20000

2018-12-1002:29:00

Google

osv.dev

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

50.1%

JSON

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.

References

github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3

github.com/Bedework/bw-webdav/pull/1