Lucene search
GoogleOSV:CVE-2021-23792HistoryMay 06, 2022 - 8:15 p.m.
CVE-2021-23792
2022-05-0620:15:07
Google
osv.dev
3
cve-2021-23792
xml external entity (xxe) injection
xmp metadata
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.
Related
cvelist
cvelist
CVE-2021-23792 XML External Entity (XXE) Injection
2022-05-06 20:05:10
ubuntucve
ubuntucve
CVE-2021-23792
2022-05-06 00:00:00
nvd
nvd
CVE-2021-23792
2022-05-06 20:15:07
prion
prion
Xxe
2022-05-06 20:15:00
debiancve
debiancve
CVE-2021-23792
2022-05-06 20:15:07
cve
cve
CVE-2021-23792
2022-05-06 20:15:07
osv
osv
External Entity Reference in TwelveMonkeys ImageIO
2022-05-07 00:00:31
veracode
veracode
XML External Entity (XXE) Injection
2022-05-09 05:38:55
github
github
External Entity Reference in TwelveMonkeys ImageIO
2022-05-07 00:00:31