
70 matches found

Nuclei
added yesterday, 19 views

Apache Cocoon 2.1.12 - XML Injection

Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system. id: CVE-2020-11991 info: name: Apache Cocoon 2.1.12 - XML...

CVSS 7.5, AI score 7.2, EPSS 0.93142
Exploits: 1, References: 5

RedhatCVE
added 2026/01/09 12:36 p.m., 7 views

CVE-2023-49733

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

CVSS 9.8, AI score 6.7, EPSS 0.00368
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-2906

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.00368
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-0182

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.4, EPSS 0.01021
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-3124

Malicious code in bioql PyPI...

CVSS 4.5, AI score 6.3, EPSS 0.0003
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-2931

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.01537
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 12:0 p.m., 3 views

CVE-2025-24783

UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...

CVSS 7.5, AI score 6.8, EPSS 0.01021
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 10:38 a.m., 3 views

CVE-2024-21530

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...

CVSS 4.5, AI score 6.7, EPSS 0.0003
Exploits: 0, References: 1

RedhatCVE
added 2025/02/14 9:21 a.m., 7 views

CVE-2022-45135

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

CVSS 9.8, AI score 7.4, EPSS 0.01537
Exploits: 0, References: 1

OSV
added 2025/01/27 3:30 p.m., 1 view

GHSA-PFF9-53M5-QR56 Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the...

CVSS 6.9, AI score 5.8, EPSS 0.01021
Exploits: 0, References: 6

vulnersOsv
added 2025/01/27 3:30 p.m., 1 view

org.apache.cocoon:cocoon-apples-sample (=2.3.0), org.apache.cocoon:cocoon-dist-samples (=2.3.0) +8 more potentially affected by CVE-2025-24783 via org.apache.cocoon:cocoon-forms-impl (=2.3.0)

org.apache.cocoon:cocoon-forms-impl MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cocoon:cocoon-forms-impl and may be impacted: - org.apache.cocoon:cocoon-apples-sample =2.3.0 - org.apache.cocoon:cocoon-dist-samples...

CVSS 7.5, AI score 5.8, EPSS 0.01021
Exploits: 0

Github Security Blog
added 2025/01/27 3:30 p.m., 3 views

Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the...

CVSS 7.5, AI score 6.8, EPSS 0.01021
Exploits: 0, References: 6, Affected Software: 2

vulnersOsv
added 2025/01/27 3:30 p.m., 2 views

eu.interedition:collatex-cocoon (>=1.3 <=1.5.1), org.apache.cocoon:cocoon-acegisecurity-sample (=2.3.0) +129 more potentially affected by CVE-2025-24783 via org.apache.cocoon:cocoon-sitemap-impl (>=1.0.0-RC1 <=2.3.0)

org.apache.cocoon:cocoon-sitemap-impl MAVEN version =1.0.0-RC1, =1.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.3.0 - org.apache.cocoon:cocoon-auth-sample =2.3.0 - org.apache.cocoon:cocoon-authentication-fw-impl =2.3.0 - org.apache.cocoon:cocoon-authentication-fw-sample =2.3.0 -...

CVSS 7.5, AI score 5.8, EPSS 0.01021
Exploits: 0

NVD
added 2025/01/27 3:15 p.m., 11 views

CVE-2025-24783

UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...

CVSS 7.5, EPSS 0.01021
Exploits: 0, References: 2

Cvelist
added 2025/01/27 2:47 p.m., 5 views

CVE-2025-24783 Apache Cocoon: continuations may not be private

UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...

EPSS 0.01021
Exploits: 0, References: 1

Vulnrichment
added 2025/01/27 2:47 p.m., 5 views

CVE-2025-24783 Apache Cocoon: continuations may not be private

UNSUPPORTED WHEN ASSIGNED Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these...

AI score 7.6, EPSS 0.01021
Exploits: 0, References: 1

CVE
added 2025/01/27 2:47 p.m., 59 views

CVE-2025-24783

Apache Cocoon is affected by an Incorrect Usage of Seeds in the PRNG for continuation identifiers. The PRNG is seeded with startup time, making continuation IDs potentially predictable and enabling access to unauthorized continuations. The issue is stated to affect all versions of Apache Cocoon, ...

CVSS 7.5, AI score 7, EPSS 0.01021
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2025/01/27 12:0 a.m., 1 view

PT-2025-5567 · Apache · Apache Cocoon

Name of the Vulnerable Software and Affected Versions: Apache Cocoon, all versions. Description: The issue is related to the incorrect usage of seeds in the pseudo-random number generator (PRNG) in Apache Cocoon. When a continuation is created, it gets a random identifier. Because the random...

CVSS 7.5, AI score 7.1, EPSS 0.01021
Exploits: 0, References: 11

CNNVD
added 2025/01/27 12:0 a.m., 1 view

Apache Cocoon Security Vulnerability

Apache Cocoon is a Web application framework built on the concept of component-based Web development from the Apache Foundation. A security vulnerability exists in Apache Cocoon that stems from the fact that Apache Cocoon uses a pseudo-random number generator (PRNG) when generating continuation...

CVSS 7.5, AI score 6.5, EPSS 0.01021
Exploits: 0, References: 2

Github Security Blog
added 2024/10/02 6:30 a.m., 9 views

Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6878-6wc2-pf5h. This link is maintained to preserve external references. Original Description: Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encryp...

CVSS 4.5, AI score 6.6, EPSS 0.0003
Exploits: 0, References: 7, Affected Software: 1