39 matches found
CVE-2023-49733
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
EUVD-2023-2906
Malicious code in bioql PyPI...
EUVD-2025-0182
Malicious code in bioql PyPI...
EUVD-2023-2931
Malicious code in bioql PyPI...
CVE-2025-24783
UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...
CVE-2022-45135
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
GHSA-PFF9-53M5-QR56 Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the...
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the...
CVE-2025-24783
UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...
CVE-2025-24783 Apache Cocoon: continuations may not be private
UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...
CVE-2025-24783
Apache Cocoon is affected by an Incorrect Usage of Seeds in the PRNG for continuation identifiers. The PRNG is seeded with startup time, making continuation IDs potentially predictable and enabling access to unauthorized continuations. The issue is stated to affect all versions of Apache Cocoon, ...
CVE-2025-24783 Apache Cocoon: continuations may not be private
UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...
PT-2025-5567 · Apache · Apache Cocoon
Name of the Vulnerable Software and Affected Versions: Apache Cocoon, all versions. Description: The issue is related to the incorrect usage of seeds in the pseudo-random number generator (PRNG) in Apache Cocoon. When a continuation is created, it gets a random identifier. Because the random...
Apache Cocoon Security Vulnerability
Apache Cocoon is a Web application framework built on the concept of component-based Web development from the Apache Foundation. A security vulnerability exists in Apache Cocoon that stems from the fact that Apache Cocoon uses a pseudo-random number generator (PRNG) when generating continuation...
Apache Cocoon SQL Injection Vulnerability
Apache Cocoon is a Web application framework from the Apache Foundation (United States), built on the concept of component-based Web development. Apache Cocoon suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacke...
Apache Cocoon XML External Entity Injection Vulnerability
Apache Cocoon is a Web application framework from the Apache Foundation (United States), built on the concept of component-based Web development. Apache Cocoon suffers from an XML External Entity Injection vulnerability that arises from a network system or product that does not have the correct filters ...
SQL Injection
Apache Cocoon is vulnerable to SQL Injection. The vulnerability is due to the DatabaseCookieAuthenticatorAction class improperly sanitizing parameters used in an SQL command. This issue can be exploited by an attacker by injecting malicious SQL commands resulting in SQL injection...
XML External Entity (XXE) Injection
Apache Cocoon is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to improper XML parsing configuration in the StreamGenerator class, which allows an attacker to submit a malicious XML document, resulting in XXE. An attacker can exploit this flaw to read arbitrary files o...
GHSA-77JG-CPW9-73VG Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...