XML External Entity (XXE)

2017-12-0108:29:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.003

Percentile

71.6%

JSON

Adobe xmpcore is vulnerable to XML external entity (XXE) attacks. The attacks are possible because it does not properly handle the XML data containing an external entity declaration in conjunction with an entity reference, allowing users to read arbitrary files.