3 matches found
CVE-2025-27136
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML...
GHSA-V232-254C-M6P7 LocalS3 Project Vulnerable to XML External Entity (XXE) Injection via Bucket Tagging API
Description The LocalS3 project, an S3-compatible storage service, is vulnerable to XML External Entity XXE injection through its bucket tagging API. The vulnerability exists because the application processes XML input without properly disabling external entity resolution. When processing XML dat...
LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection
Description The LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity XXE injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare...