2 matches found
CVE-2018-20059
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE...
CVE-2018-20059
CVE-2018-20059 concerns Pippo 1.11.0 where jaxb/JaxbEngine.java allows XML External Entity (XXE) processing. The issue arises from the XML parser not disabling external DTD usage, enabling potential XXE attacks. Connected advisories (GHSA-RMM5-G63H-M6G9, VERACODE, Red Hat/OSV entries) corroborate...