2 matches found
com.alibaba.otter:manager.deployer (>=4.2.1 <=4.2.15), com.alibaba.otter:manager.web (>=4.2.1 <=4.2.15) +53 more potentially affected by CVE-2014-5325 via org.directwebremoting:dwr (>=2.0.rc2 <=2.0.11-RELEASE)
org.directwebremoting:dwr MAVEN version =2.0.rc2, =4.2.1, =4.2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1.1 and more Source cves: CVE-2014-5325 Source advisory: OSV:GHSA-HQW5-62GP-RQGM...
CVE-2014-5325
The 1 DOMConverter, 2 JDOMConverter, 3 DOM4JConverter, and 4 XOMConverter functions in Direct Web Remoting DWR through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference,...