5 matches found
CVE-2025-68280
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
GHSA-JQMR-2PG9-VFX7 Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
CVE-2025-68280
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
CVE-2025-68280 Apache SIS: XML External Entity (XXE) vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
CVE-2025-68280
CVE-2025-68280 affects Apache SIS versions 0.4–1.5. The issue is an improper restriction of XML External Entity (XXE) references, allowing an XML document to disclose content from the server’s local filesystem when parsed by SIS. Impacted services include reading GeoTIFFs with the GEO_METADATA ta...