Lucene search
GoogleOSV:GHSA-F5QF-VH69-9Q4RHistoryMay 14, 2022 - 12:55 a.m.
SimpleXML vulnerable to XML External Entity (XXE)
2022-05-1400:55:56
Google
osv.dev
8
simplexml
xxe
ssrf
information disclosure
dos
EPSS
0.004
Percentile
73.3%
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
References
github.com/ngallagher/simplexml
github.com/ngallagher/simplexml/issues/18
lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
lists.apache.org/thread.html/8c4ef27e2c0218f29e785990dc919266855aea137c958f10d242cb36@%3Cdev.lucene.apache.org%3E
lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2017-1000190
Related
nvd
nvd
CVE-2017-1000190
2017-11-17 21:29:00
prion
prion
Design/Logic Flaw
2017-11-17 21:29:00
veracode
veracode
XML External Entity (XXE)
2017-11-20 02:25:22
ibm
ibm
Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2017-1000190)
2021-04-22 05:45:13
Log Analysis Security Bulletin List
2021-09-01 11:04:11
ubuntucve
ubuntucve
CVE-2017-1000190
2017-11-17 00:00:00
cvelist
cvelist
CVE-2017-1000190
2017-11-17 21:00:00
debiancve
debiancve
CVE-2017-1000190
2017-11-17 21:29:00
f5
f5
K02511873 : SimpleXML vulnerability CVE-2017-1000190
2018-01-04 00:00:00
cve
cve
CVE-2017-1000190
2017-11-17 21:29:00
github
github
SimpleXML vulnerable to XML External Entity (XXE)
2022-05-14 00:55:56
osv
osv
CVE-2017-1000190
2017-11-17 21:29:00