Lucene search
Veracode Vulnerability DatabaseVERACODE:35464HistoryMay 10, 2022 - 10:32 a.m.
XML Entity Expansion
2022-05-1010:32:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
60.7%
WSO2 API Manager and API Microgateway are vulnerable to XML Entity Expansion attacks. The vulnerability exists due to XML Entity Expansion attacks and a lack of sanitization allowing an attacker to crash the system via an unauthenticated requests with a maliciously crafted XML file.
References
docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
github.com/wso2/carbon-governance/commit/8a033d5cdb5aba7cfd30318b5a398ca017d0436d
github.com/wso2/carbon-governance/commit/a5f4d6f1d4bd8f35b12c8ec542b97a9b198be47d
github.com/wso2/carbon-governance/commit/f0270c1e36083355dabc79a824e676161e365d20
github.com/wso2/carbon-governance/pull/339
github.com/wso2/carbon-governance/pull/340
github.com/wso2/carbon-governance/pull/341
Related
prion
prion
Design/Logic Flaw
2020-08-21 20:15:00
cve
cve
CVE-2020-24590
2020-08-21 20:15:11
osv
osv
CVE-2020-24590
2020-08-21 20:15:11
attackerkb
attackerkb
CVE-2020-24590
2020-08-21 00:00:00
cvelist
cvelist
CVE-2020-24590
2020-08-21 19:05:31
nvd
nvd
CVE-2020-24590
2020-08-21 20:15:11