EUVD-2022-5647

Malicious code in bioql PyPI...

Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations

From the reporter XmlParser is vulnerable to XML external entity XXE vulnerability. XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit this vulnerability in order to achieve SSRF or cause a denial of service. One possible scenario is importing a remote...

GHSA-WVPV-8524-WG6X mxGraph vulnerable to XXE attacks

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

mxGraph vulnerable to XXE attacks

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

in detekt/detekt

Description The read function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

in jetbrains/kotlin

Description The ModuleXmlParser.parse function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

XML External Entity (XXE) Injection

mxgraph is vulnerable to XML external entity XXE injection attacks. These attacks are possible because the SAXParserFactory used doesn't prevent doc-type declarations DTD, allowing attackers to perform these attacks...

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

Xxe

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

CVE-2017-7464

It was found that the JAXP implementation used in EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing. Mitigation Enable the security features of the...