4 matches found
com.canoo:webtest (>=586 <=1393), com.flexiblewebsolutions.xdriveunit:xdriveunit (=0.3) +79 more potentially affected by CVE-2017-12621 via commons-jelly:commons-jelly (>=1.0 <=1.0-beta-4)
commons-jelly:commons-jelly MAVEN version =1.0, =586, =0.1, =1.0, =20050708.205531, =1.2, =1.0-M5, =1.0.1, =1.3, =1.9 - jepi:jepi =1.0 - marmalade:marmalade-compat-jelly =1.0-alpha-3 - maven-plugins:maven-sourceforge-plugin =1.3 and more Source cves: CVE-2017-12621 Source advisory:...
CVE-2017-12621
During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...
CVE-2017-12621
During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...
CVE-2017-12621
The CVE-2017-12621 issue is an XXE vulnerability in Apache Commons Jelly when parsing Jelly XML and a SYSTEM entity URL is used in the document, causing the parser to connect to that URL during instantiation. Affected version: Apache Commons Jelly before 1.0.1. Impact per sources indicates potent...