6 matches found
XML External Entity (XXE) Injection
Apache Cocoon is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper XML parsing configuration in the StreamGenerator class, which allows an attacker to submit a malicious XML document, resulting in XXE. An attacker can exploit this flaw to read arbitrary files o...
VulnCheck KEV: CVE-2020-11991
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system...
CVE-2020-11991
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system...
Information disclosure
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system...
CVE-2020-11991
Apache Cocoon 2.1.12 is vulnerable to XML injection via the StreamGenerator when parsing user-supplied XML containing external entities. This can allow reading arbitrary files on the server. The connected template explicitly notes the issue and recommends upgrading to Apache Cocoon 2.1.13 or late...
CVE-2020-11991
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system...