4 matches found
EUVD-2022-5332
Malicious code in bioql PyPI...
Xxe
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML...
CVE-2017-7545
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML...
CVE-2017-7545
CVE-2017-7545 affects jbpmmigration 6.5, where XmlUtils expands external parameter entities while parsing XML, enabling a remote attacker to read files accessible to the application server user and potentially conduct further XXE attacks. The GHSA and OSV entries corroborate XML External Entity R...