Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:20525
HistoryJun 12, 2019 - 7:55 a.m.

XML External Entities (XXE)

2019-06-1207:55:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

EPSS

0.005

Percentile

76.9%

expat is vulnerable to denial of service. Entities expansions are not properly handled unless using the XML_SetEntityDeclHandler function. This allows remote attackers to crash the process, send HTTP requests on behalf of the server or read arbitrary files via a malicious XML document.

References