187 matches found
Adobe Experience Manager 代码问题漏洞
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. Adobe Experience Manager suffers from an XML entity injection...
The vulnerability of the framework for working with large language models (LLMs) like LlamaIndex lies in the improper restriction on recursive references to entities in the DTD. This allows attackers to trigger a service failure.
The vulnerability of the LlamaIndex framework for working with large language models is related to an improper limitation on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Overview llama-index-readers-stripe-docs is a llama-index readers stripedocs integration Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' via the parsesitemap function. An attacker can exhaust system memory and...
CVE-2023-6194
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to...
CVE-2023-42132
FD Application Apr. 2022 Edition Version 9.01 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
CLSA-2025-1746188001 expat: Fix of CVE-2024-8176
CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...
CLSA-2025-1746187509 expat: Fix of CVE-2024-8176
CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...
CLSA-2025-1746187414 expat: Fix of CVE-2024-8176
CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...
USN-7424-1 expat vulnerability
It was discovered that Expat could crash due to stack overflow when processing XML documents with deeply nested entity references. If a user or automated system were tricked into processing specially crafted XML input, an attacker could use this issue to cause a denial of service...
USN-7368-1 snakeyaml vulnerability
It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...
AZL-58641 CVE-2024-8176 affecting package expat for versions less than 2.6.4-1
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
GHSA-432C-WXPG-M4Q3 xml2rfc has file inclusion irregularities
Version 3.12.0 changed xml2rfc so that it would not access local files without the presence of its new --allow-local-file-access flag. This prevented XML External Entity XXE injection attacks with xinclude and XML entity references. It was discovered that xml2rfc does not respect...
HAPI FHIR 安全漏洞
HAPI FHIR is a Java-written HL7 FHIR API for the HAPI FHIR open source. A security vulnerability exists in HAPI FHIR versions prior to v6.4.0 that stems from the presence of an external entity reference that allows an attacker to access sensitive information or execute arbitrary code by providing...
The vulnerability of the XML tools for Ruby REXML stems from improper restrictions on recursive references to entities in DTDs. This allows attackers to trigger a service failure.
The vulnerability of the XML tools for Ruby REXML is related to improper restrictions on recursive references to entities in DTDs. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
CVE-2024-6893
The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources...
Easyadmin 代码问题漏洞
Easyadmin is a simple, lightweight backend management system scaffolding by laker personal developer. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions. An attacker exploited the vulnerability to cause xml external entity references...
CLSA-2024-1708417192 libxml2: Fix of 3 CVEs
CVE-2017-7375: add validation for parsed entity references - CVE-2017-7376: fix buffer overflow in URL handling - CVE-2017-8872: free input buffer in xmlHaltParser...
Xxe
Electronic Deliverables Creation Support Tool Construction Edition prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool Design & Survey Edition prior to Ver1.0.4 improperly restrict XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on t...
CVE-2024-22380
Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file,...
CVE-2024-22380
Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file,...