3 matches found
CVE-2018-11788
Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a...
CVE-2018-11788
Apache Karaf contains an XXE vulnerability in its XMLInputFactory used by the features deployer. The XMLInputFactory does not implement mitigation against external entities, enabling potential XML External Entity Injection in Karaf versions prior to 4.1.7 and prior to 4.2.2. First fixed in Karaf ...
CVE-2018-11788
A flaw was found in the Apache Karaf XMLInputFactory, where it does not prevent External Entity Processing XXE. This is a potential security risk as an attacker could inject external XML entities to access sensitive information or conduct further attacks...