Lucene search
Veracode Vulnerability DatabaseVERACODE:35318HistoryApr 29, 2022 - 3:29 a.m.
XML External Entity (XXE) Injection
2022-04-2903:29:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
44.5%
xwiki-commons-xml is vulnerable to XML External Entity (XXE) Injection. The parse function of XMLUtils.java does not disable access to external entities by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server.
References
github.com/advisories/GHSA-m2r5-4w96-qxg5
github.com/xwiki/xwiki-commons/commit/947e8921ebd95462d5a7928f397dd1b64f77c7d5
github.com/xwiki/xwiki-commons/commit/abe79aaa31d4e8d8caaadfb7454227fb92ed7b18
github.com/xwiki/xwiki-commons/commit/e34a97dc645a1f18c0d0938e7faff2a3fff008f7
github.com/xwiki/xwiki-commons/security/advisories/GHSA-m2r5-4w96-qxg5
jira.xwiki.org/browse/XWIKI-18946
Related
veracode
veracode
XML External Entity Injection (XXE)
2022-04-29 10:23:56
cve
cve
CVE-2022-24898
2022-04-28 20:15:07
cvelist
cvelist
nvd
nvd
CVE-2022-24898
2022-04-28 20:15:07
osv
osv
CVE-2022-24898
2022-04-28 20:15:07
prion
prion
Xxe
2022-04-28 20:15:00
github
github