2720 matches found
CVE-2023-26920
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...
UBUNTU-CVE-2023-26920
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...
fast-xml-parser security vulnerability
fast-xml-parser is an open source library from Natural Intelligence. It is used to quickly validate XML, parse XML and build XML without C/C++ based libraries and callbacks. A security vulnerability exists in versions of fast-xml-parser prior to 4.1.2, which stems from the presence of prototype...
CVE-2023-26920
CVE-2023-26920 affects the fast-xml-parser library (before 4.1.2). The issue is a Prototype Pollution flaw triggered by __proto__ and can lead to remote code execution or denial of service, per IBM’s Cloud Pak for Data advisory (affecting 4.0.0–4.8.4; remediation to 4.8.5). NVD lists CVSSv3.1 base sc...
USN-6542-1: TinyXML vulnerability
Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
Jenkins MATLAB Plugin missing permission checks
Jenkins MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory. MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form...
GHSA-9F5G-RGCR-8GRW Jenkins MATLAB Plugin cross-site request forgery vulnerability
Jenkins MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory. MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form...
GHSA-CV4X-9F34-8RP9 Jenkins MATLAB Plugin missing permission checks
Jenkins MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory. MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form...
CVE-2023-49656
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2023-49656
The CVE-2023-49656 entry concerns the Jenkins MATLAB Plugin up to version 2.11.0, where the XML parser is not configured to prevent XML External Entity (XXE) attacks. The Red Hat, GitHub advisory, and Nessus entry corroborate that MATLAB Plugin 2.11.1 fixes the XXE vulnerability by configuring th...
Jenkins MATLAB Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-31281 · Jenkins · Jenkins Matlab Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MATLAB Plugin versions 2.11.0 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. The plugin determines whether a...
Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateCommandStream method. Due to the improper restriction of XML...
NI DIAdem GPX File Parsing XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NI DIAdem. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
XXE
e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
CVE-2023-46802
e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...