2 matches found
org.apache.syncope:syncope-core-upgrader (>=1.2.0 <=1.2.11), org.apache.syncope:syncope-standalone (>=1.1.0 <=1.1.8) potentially affected by CVE-2018-17186 via org.apache.syncope:syncope-core (>=1.1.0 <=1.2.9)
org.apache.syncope:syncope-core MAVEN version =1.1.0, =1.2.0, =1.1.0, =1.1.8 Source cves: CVE-2018-17186 Source advisory: OSV:GHSA-QFJV-998W-Q48F...
CVE-2018-17186
CVE-2018-17186 affects Apache Syncope (admin/workflow entitlements) where XML External Entity (XXE) via DTD in workflow definitions allows an attacker to read/write files and execute code. Multiple sources (CNVD/NVD/OSV/Veracode/GHSA) describe the vulnerability as involving DTD processing to perf...