18 matches found
EUVD-2025-29417
Malicious code in bioql PyPI...
EUVD-2025-7729
Malicious code in bioql PyPI...
EUVD-2025-29362
Malicious code in bioql PyPI...
EUVD-2025-29374
Malicious code in bioql PyPI...
CVE-2025-27136
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
CVE-2025-27136
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
GHSA-47QW-CCJM-9C2C LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Description The LocalS3 project, which implements an S3-compatible storage interface, contains a critical XML External Entity XXE Injection vulnerability in its XML parsing functionality. When processing XML requests for multipart upload operations, the application accepts and processes XML...
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Description The LocalS3 project, which implements an S3-compatible storage interface, contains a critical XML External Entity XXE Injection vulnerability in its XML parsing functionality. When processing XML requests for multipart upload operations, the application accepts and processes XML...
LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API
Description The LocalS3 project, an S3-compatible storage service, is vulnerable to XML External Entity XXE injection through its bucket tagging API. The vulnerability exists because the application processes XML input without properly disabling external entity resolution. When processing XML dat...
GHSA-V232-254C-M6P7 LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API
Description The LocalS3 project, an S3-compatible storage service, is vulnerable to XML External Entity XXE injection through its bucket tagging API. The vulnerability exists because the application processes XML input without properly disabling external entity resolution. When processing XML dat...
GHSA-2466-4485-4PXJ LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection
Description The LocalS3 project contains an XML External Entity XXE Injection vulnerability in its bucket operations that process XML data. Specifically, the vulnerability exists in the bucket ACL and bucket tagging operations. The application processes XML input without properly disabling extern...
CVE-2025-27136
CVE-2025-27136 concerns LocalS3, a local S3 mock service. Multiple connected sources confirm that before version 1.21, the bucket creation endpoint processes CreateBucketConfiguration with an XML parser that resolves external entities. An attacker can declare an external entity to reference an in...
CVE-2025-27136 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
CVE-2025-27136 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
CVE-2025-27136 LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
Description The LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare...
LocalS3 代码问题漏洞
LocalS3 is a Netty-based implementation of the Amazon S3 service by Luo's personal developer. A code issue vulnerability exists in LocalS3 versions prior to 1.21, which stems from the presence of an XML external entity injection vulnerability that could lead to a server-side request forgery attac...
PT-2025-10615 · Locals3 · Locals3
Name of the Vulnerable Software and Affected Versions: LocalS3 versions prior to 1.21 Description: The issue concerns XML External Entity XXE injection in the bucket creation endpoint. When processing the CreateBucketConfiguration XML document, the service's XML parser resolves external entities...