Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:34498
HistoryMar 04, 2022 - 2:49 a.m.

XML External Entity (XXE)

2022-03-0402:49:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13

0.002 Low

EPSS

Percentile

57.2%

hazelcast is vulnerable to XML external entity attacks. The AbstractXmlConfigRootTagRecognizer function of AbstractXmlConfigRootTagRecognizer.java does not disable access to external entities by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server.

0.002 Low

EPSS

Percentile

57.2%