exist-db:exist-core XML External Entity (XXE) vulnerability

2018-12-2022:02:17

Google

osv.dev

0.002 Low

EPSS

Percentile

57.9%

JSON

exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

CPENameOperatorVersion
org.exist-db:exist-coreeq5.0.0
org.exist-db:exist-coreeq5.0.0-RC8

CPE	Name	Operator	Version
	org.exist-db:exist-core	eq	5.0.0
	org.exist-db:exist-core	eq	5.0.0-RC8

References

0dd.zone/2018/10/27/exist-XXE

github.com/advisories/GHSA-jxm5-5xcw-h57q

github.com/eXist-db/exist

github.com/eXist-db/exist/commit/1c3f0aec14d00bdbca175713af70cb7c7b868e9f

github.com/eXist-db/exist/commit/b210f9fbf379b68842f2b055dda80d7e7479e96f

github.com/eXist-db/exist/issues/2180

github.com/eXist-db/exist/pull/2243

github.com/eXist-db/exist/pull/2247

nvd.nist.gov/vuln/detail/CVE-2018-1000823

0.002 Low

EPSS

Percentile

57.9%

JSON

Related for OSV:GHSA-JXM5-5XCW-H57Q