5 matches found
XML External Entity (XXE) Injection
leshan-core is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists because the DDFFileParser function of DDFFileParser.java and the validate function of DefaultDDFFileValidator.java do not properly sanitize external DTDs by default, which allows an attacker to inject and...
GHSA-WC9J-GC65-3CM7 DDFFileParser is vulnerable to XXE Attacks
Impact: DDFFileParser and DefaultDDFFileValidator (and so ObjectLoader) are vulnerable to XXE attacks. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files, e.g. if they let external users provide their own model...
DDFFileParser is vulnerable to XXE Attacks
Impact: DDFFileParser and DefaultDDFFileValidator (and so ObjectLoader) are vulnerable to XXE attacks. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files, e.g. if they let external users provide their own model...
CVE-2023-41034
The CVE-2023-41034 issue affects Eclipse Leshan: DDFFileParser, DefaultDDFFileValidator (and ObjectLoader) are vulnerable to XXE Attacks when parsing untrusted DDF files. The root cause is exposure to XML External Entities. Remediation is to upgrade to fixed versions 1.5.0 or 2.0.0-M13; upgrades ...
CVE-2023-41034 DDFFileParser in Eclipse Leshan is vulnerable to XXE Attacks
Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser and DefaultDDFFileValidator and so ObjectLoader are vulnerable to XXE Attacks. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if the...