Lucene search
Veracode Vulnerability DatabaseVERACODE:30895HistoryJun 09, 2021 - 5:16 a.m.
XML External Entitty (XXE)
2021-06-0905:16:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
xml external entity
silverstripe/framework
ssrf
system file retrieval
EPSS
0.001
Percentile
41.5%
silverstripe/framework is vulnerable to XML external entity (XXE) attacks. The loading of external entities and DTDs are not disabled and allows an attacker to perform server-side request forgery (SSRF) attacks or retrieve confidential system files via a malicious XML document.
References
forum.silverstripe.org/c/releases
github.com/silverstripe/silverstripe-framework/commit/7f97734a20521545aa7452a2cba791a907238a60
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/cve-2020-25817
www.silverstripe.org/download/security-releases/cve-2021-25817/
Related
cvelist
cvelist
CVE-2020-25817
2021-06-08 17:54:01
github
github
SilverStripe XXE Vulnerability in CSSContentParser
2022-05-24 19:04:19
cve
cve
CVE-2020-25817
2021-06-08 18:15:07
osv
osv
CVE-2020-25817
2021-06-08 18:15:07
SilverStripe XXE Vulnerability in CSSContentParser
2022-05-24 19:04:19
BIT-silverstripe-2020-25817
2024-03-06 11:06:51
nvd
nvd
CVE-2020-25817
2021-06-08 18:15:07
prion
prion
Xxe
2021-06-08 18:15:00