2 matches found
The vulnerability of the XMLInputFactory class in the OSGi Apache Karaf container allows a attacker to execute arbitrary code.
The vulnerability of the XMLInputFactory class in the OSGi Apache Karaf container is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
DEBIAN-CVE-2013-7315
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...