exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
CPE | Name | Operator | Version |
---|---|---|---|
org.exist-db:exist-core | eq | 5.0.0 | |
org.exist-db:exist-core | eq | 5.0.0-RC8 |
0dd.zone/2018/10/27/exist-XXE
github.com/advisories/GHSA-jxm5-5xcw-h57q
github.com/eXist-db/exist
github.com/eXist-db/exist/commit/1c3f0aec14d00bdbca175713af70cb7c7b868e9f
github.com/eXist-db/exist/commit/b210f9fbf379b68842f2b055dda80d7e7479e96f
github.com/eXist-db/exist/issues/2180
github.com/eXist-db/exist/pull/2243
github.com/eXist-db/exist/pull/2247
nvd.nist.gov/vuln/detail/CVE-2018-1000823