EUVD-2023-29843

Malicious code in bioql PyPI...

Xxe

National land numerical information data conversion tool all versions improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...

Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

Overview National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references XXE CWE-611. Taku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

JVN#75742861: Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Stop using the product The developer...

National land numerical information data conversion tool 代码问题漏洞

National Land Information Division National land numerical information data conversion tool is a data conversion tool from National Land Information Division, Japan. A security vulnerability exists in the National land numerical information data conversion tool due to an improper restriction on X...