
6 matches found

Positive Technologies
added 2024/07/21 12:0 a.m. · 4 views

PT-2024-38000 · Unknown · Guardrails Ai

Name of the Vulnerable Software and Affected Versions: Guardrails AI (affected versions not specified). Description: The issue concerns RAIL documents, an XML-based format used by Guardrails AI for enforcing formatting checks on LLM outputs. Users who consume RAIL documents from external sources are...

CVSS 8.2 · AI score 6.9 · EPSS 0.00079
Exploits 0 · References 8
SUSE CVE
added 2023/02/15 6:10 a.m. · 2 views

SUSE CVE-2007-5461

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag...

CVSS 3.5 · AI score 5 · EPSS 0.06505
Exploits 2 · References 9
Veracode
added 2017/09/28 3:17 a.m. · 24 views

XML External Entity (XXE)

Apache commons-jelly is vulnerable to XML external entity (XXE). When jelly XML files are parsed with a custom doctype declared as a SYSTEM entity with a URL at the beginning of the file, the parser will connect to the URL at instantiation...

CVSS 9.8 · AI score 9.1 · EPSS 0.0075
Exploits 3 · References 10 · Affected Software 1
OSV
added 2017/09/28 1:29 a.m. · 0 views

UBUNTU-CVE-2017-12621

During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...

CVSS 9.8 · AI score 6.9 · EPSS 0.0075
Exploits 3 · References 3
Positive Technologies
added 2017/09/27 12:0 a.m. · 2 views

PT-2017-12606 · Apache · Apache Commons Jelly +1

Name of the Vulnerable Software and Affected Versions: Apache Commons Jelly versions prior to 1.0.1. Description: The issue arises during Jelly XML file parsing with Apache Xerces. If a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the...

CVSS 9.8 · AI score 7.6 · EPSS 0.0075
Exploits 3 · References 15
Silent Robot Systems
added 2015/12/15 4:0 a.m. · 17 views

XML Entity Cheatsheet - Updated

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just XXE notes. XML Declarations. Vanilla entity test: &post. SYSTEM entity test xxe. Parameter Entity. One of the benefits is a parameter entity is automatically expande...

AI score 6.8
Exploits 0