2 matches found
GHSA-R3XG-RG9J-67FV Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
Impact: The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling:
- XML External Entity (XXE) attacks to read local files or cause denial of service
- Decompression bombs (zip bombs) to exhaust memory and disk space
- Unbounded archive extraction...
XML External Entity (XXE) Injection
Overview: ch.qos.reload4j:reload4j is a fork of Apache log4j version 1.2.17 with the goal of fixing pressing security issues. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to insufficient checks which do not disable the parsing of external general...