3 matches found
CVE-2025-47293
CVE-2025-47293 concerns PowSyBl (Power System Blocks) where powsybl-core XML parsing via com.powsybl.commons.xml.XmlReader is vulnerable to XXE and SSRF. The root cause is treating XmlReader as trusted when untrusted XML (CGMES/XIIDM) is submitted, allowing privilege escalation to read sensitive ...
MGASA-2024-0172 Updated libxml2 packages fix a security vulnerability
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. CVE-2024-25062...
CVE-2022-23476 Unchecked return value from xmlTextReaderExpand in Nokogiri
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Readerattributehash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...