2 matches found
org.onosproject:onos-drivers-arista (>=1.7.0 <=1.8.9), org.onosproject:onos-drivers-ciena (>=1.7.0 <=1.8.9) +13 more potentially affected by CVE-2023-41591 via org.onosproject:onos-core-net (>=1.7.0 <=2.5.7-rc2)
org.onosproject:onos-core-net MAVEN version =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.8.0, =1.7.1, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =3.0.0, =3.0.0, =3.0.0, =4.0.0-rc1 Source cves: CVE-2023-41591 Source advisory: SNYK:JAVA-ORGONOSPROJECT-10658543...
XML External Entity (XXE) Injection
onos-drivers-utilities is vulnerable to XML external entity (XXE) injection attacks. The application does not disable document type declarations (DTDs), allowing a malicious user to inject external entities through the loadxml function in XmlConfigParser.java...