jersey-core is vulnerable to XML external entity attacks. The external parameter entities were not disabled by the jersey SAX parser, allowing a remote attacker to exploit the vulnerability to read files accessible to the user running the application server, and potentially perform recursive entity expansion and send requests on behalf of the server.
CPE | Name | Operator | Version |
---|---|---|---|
jersey-core | le | 1.9.1 | |
jersey-core | le | 1.13-b01 | |
jersey-core | le | 1.9.1 | |
jersey-core | le | 1.13-b01 |