Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2022/05/17 12:34 a.m.6 views

com.canoo:webtest (>=586 <=1393), com.flexiblewebsolutions.xdriveunit:xdriveunit (=0.3) +79 more potentially affected by CVE-2017-12621 via commons-jelly:commons-jelly (>=1.0 <=1.0-beta-4)

commons-jelly:commons-jelly MAVEN version =1.0, =586, =0.1, =1.0, =20050708.205531, =1.2, =1.0-M5, =1.0.1, =1.3, =1.9 - jepi:jepi =1.0 - marmalade:marmalade-compat-jelly =1.0-alpha-3 - maven-plugins:maven-sourceforge-plugin =1.3 and more Source cves: CVE-2017-12621 Source advisory:...

9.8CVSS6.9AI score0.08536EPSS
Exploits3
UbuntuCve
UbuntuCve
added 2017/09/28 1:29 a.m.22 views

CVE-2017-12621

During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...

9.8CVSS6.9AI score0.08536EPSS
Exploits3References2
Cvelist
Cvelist
added 2017/09/27 4:0 p.m.27 views

CVE-2017-12621

During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...

9.4AI score0.08536EPSS
Exploits3References4
CVE
CVE
added 2017/09/27 4:0 p.m.103 views

CVE-2017-12621

The CVE-2017-12621 issue is an XXE vulnerability in Apache Commons Jelly when parsing Jelly XML and a SYSTEM entity URL is used in the document, causing the parser to connect to that URL during instantiation. Affected version: Apache Commons Jelly before 1.0.1. Impact per sources indicates potent...

9.8CVSS9.2AI score0.08536EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder