Lucene search
+L

Remote Code Execution (RCE)

🗓️ 11 Mar 2025 01:36:40Reported by Veracode Vulnerability DatabaseType 
veracode
 veracode
🔗 sca.analysiscenter.veracode.com👁 8 Views

Lucee is vulnerable to Remote Code Execution due to improper XML entity processing in REST endpoint.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
Circl
CVE-2023-38693
5 Mar 202518:37
circl
CNNVD
Lucee 代码问题漏洞
5 Mar 202500:00
cnnvd
CVE
CVE-2023-38693
5 Mar 202515:37
cve
Cvelist
CVE-2023-38693 RCE in Lucee REST endpoint
5 Mar 202515:37
cvelist
EUVD
EUVD-2023-42476
3 Oct 202520:07
euvd
Github Security Blog
Lucee RCE/XXE Vulnerability
5 Mar 202518:31
github
NVD
CVE-2023-38693
5 Mar 202516:15
nvd
OSV
CVE-2023-38693 RCE in Lucee REST endpoint
5 Mar 202515:37
osv
OSV
GHSA-VWJX-MMWM-PWRF Lucee RCE/XXE Vulnerability
5 Mar 202518:31
osv
RedhatCVE
CVE-2023-38693
7 Mar 202515:41
redhatcve
Rows per page
Vulners
Node
OR
luceeluceeRange5.3.10.79-RC5.3.10.120java
luceeluceeRange5.4.0.65-RC5.4.2.17java
luceeluceeRange5.0.0.225.3.7.47java
luceeluceeRange5.3.9.1335.3.9.166java
luceeluceeMatch5.3.10.79-rcjava
luceeluceeMatch5.3.10.94-rcjava
luceeluceeMatch5.3.10.97java
luceeluceeMatch5.4.0.65-rcjava
luceeluceeMatch5.4.0.77-rcjava
luceeluceeMatch5.4.0.80java
luceeluceeMatch5.4.1.8java
luceeluceeMatch5.0.0.120-betajava
luceeluceeMatch5.0.0.172-betajava
luceeluceeMatch5.0.0.174-betajava
luceeluceeMatch5.0.0.178-betajava
luceeluceeMatch5.0.0.213-betajava
luceeluceeMatch5.0.0.219-rcjava
luceeluceeMatch5.0.0.22java
luceeluceeMatch5.0.0.235-rcjava
luceeluceeMatch5.0.0.252java
luceeluceeMatch5.0.0.254java
luceeluceeMatch5.0.0.60-betajava
luceeluceeMatch5.0.0.62-betajava
luceeluceeMatch5.0.0.65-betajava
luceeluceeMatch5.0.0.98-betajava
luceeluceeMatch5.0.1.85java
luceeluceeMatch5.1.0.17-betajava
luceeluceeMatch5.1.0.31java
luceeluceeMatch5.1.0.31-betajava
luceeluceeMatch5.1.0.34java
luceeluceeMatch5.1.1.65java
luceeluceeMatch5.1.2.24java
luceeluceeMatch5.1.3.18java
luceeluceeMatch5.1.4.18java
luceeluceeMatch5.1.4.19java
luceeluceeMatch5.2.0.11-alphajava
luceeluceeMatch5.2.1.7java
luceeluceeMatch5.2.1.8java
luceeluceeMatch5.2.1.9java
luceeluceeMatch5.2.2.68-rcjava
luceeluceeMatch5.2.2.70-rcjava
luceeluceeMatch5.2.2.71java
luceeluceeMatch5.2.2.71-rcjava
luceeluceeMatch5.2.3.30-rcjava
luceeluceeMatch5.2.3.31-rcjava
luceeluceeMatch5.2.3.32-rcjava
luceeluceeMatch5.2.3.33-rcjava
luceeluceeMatch5.2.3.34-rcjava
luceeluceeMatch5.2.3.35java
luceeluceeMatch5.2.3.35-rcjava
luceeluceeMatch5.2.4.35-rcjava
luceeluceeMatch5.2.4.36-rcjava
luceeluceeMatch5.2.4.37java
luceeluceeMatch5.2.4.37-rcjava
luceeluceeMatch5.2.5.20java
luceeluceeMatch5.2.5.20-rcjava
luceeluceeMatch5.2.6.59java
luceeluceeMatch5.2.6.59-rcjava
luceeluceeMatch5.2.6.60java
luceeluceeMatch5.2.7.61-rcjava
luceeluceeMatch5.2.7.62java
luceeluceeMatch5.2.7.63java
luceeluceeMatch5.2.8.50java
luceeluceeMatch5.2.8.50-rcjava
luceeluceeMatch5.2.9.28-rcjava
luceeluceeMatch5.2.9.29-rcjava
luceeluceeMatch5.2.9.31java
luceeluceeMatch5.3.0.34-alphajava
luceeluceeMatch5.3.0.86-betajava
luceeluceeMatch5.3.1.102java
luceeluceeMatch5.3.1.103java
luceeluceeMatch5.3.1.15-betajava
luceeluceeMatch5.3.1.87-rcjava
luceeluceeMatch5.3.1.91java
luceeluceeMatch5.3.1.94-rcjava
luceeluceeMatch5.3.1.95java
luceeluceeMatch5.3.2.74-rcjava
luceeluceeMatch5.3.2.77java
luceeluceeMatch5.3.3.60-rcjava
luceeluceeMatch5.3.3.62java
luceeluceeMatch5.3.3.67java
luceeluceeMatch5.3.4.54-rcjava
luceeluceeMatch5.3.4.73-rcjava
luceeluceeMatch5.3.4.77java
luceeluceeMatch5.3.4.80java
luceeluceeMatch5.3.5.78-rcjava
luceeluceeMatch5.3.5.92java
luceeluceeMatch5.3.6.53-rcjava
luceeluceeMatch5.3.6.61java
luceeluceeMatch5.3.6.68java
luceeluceeMatch5.3.7.34-rcjava
luceeluceeMatch5.3.7.59java
luceeluceeMatch5.3.8.132-rcjava
luceeluceeMatch5.3.8.139-rcjava
luceeluceeMatch5.3.8.167-rcjava
luceeluceeMatch5.3.8.189java
luceeluceeMatch5.3.8.201java
luceeluceeMatch5.3.8.205java
luceeluceeMatch5.3.8.206java
luceeluceeMatch5.3.9.133java
luceeluceeMatch5.3.9.141java
luceeluceeMatch5.3.9.141-rcjava
luceeluceeMatch5.3.9.160java

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

13 Dec 2025 05:06Current
8.5High risk
Vulners AI Score8.5
CVSS 3.19.8
EPSS0.0076
SSVC
8