Linux Distros Unpatched Vulnerability : CVE-2021-23792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML...

XML External Entity (XXE) Injection

com.twelvemonkeys.imageio, imageio-metadata is vulnerable to XML external entity injection attacks. The vulnerability exist in parseDirectories function in XMPReader.javadue to lack of validation in XML parser which allows attackers to submit malicious XML and gain access to sensitive information...

ai.idylnlp:idylnlp-dl4j (>=1.0.0 <=1.1.0), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +724 more potentially affected by CVE-2021-23792 via com.twelvemonkeys.imageio:imageio-metadata (>=3.0 <=3.7.0)

com.twelvemonkeys.imageio:imageio-metadata MAVEN version =3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-gpu-nano =0.1.0 and more Source cves: CVE-2021-23792 Source advisory: OSV:GHSA-PJCH-4G28-FXX7...

CVE-2021-23792

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online profile...

UBUNTU-CVE-2021-23792

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online profile...

CVE-2021-23792

The CVE-2021-23792 issue affects the TwelveMonkeys project: the component com.twelvemonkeys.imageio:imageio-metadata is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser when reading XMP Metadata. Affected versions are before 3.7.1. If an attacker can s...

ai.idylnlp:idylnlp-dl4j (>=1.0.0 <=1.1.0), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +724 more potentially affected by CVE-2021-23792 via com.twelvemonkeys.imageio:imageio-metadata (>=3.0 <=3.7.0)

com.twelvemonkeys.imageio:imageio-metadata MAVEN version =3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-gpu-nano =0.1.0 and more Source cves: CVE-2021-23792 Source advisory: SNYK:JAVA-COMTWELVEMONKEYSIMAGEIO-231676...

XML External Entity (XXE) Injection

Overview com.twelvemonkeys.imageio:imageio-metadata is an ImageIO metadata module. Affected versions of this package are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are abl...