CVE-2021-38555

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-38555
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38555.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-38555
Aliases
Published
2021-09-11T11:15:08Z
Modified
2024-10-12T08:17:42.960193Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

References

Affected packages

Git / github.com/apache/any23

Affected ranges

Type
GIT
Repo
https://github.com/apache/any23
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

any23-0.*

any23-0.9.0

any23-1.*

any23-1.0
any23-1.1

any23-2.*

any23-2.0
any23-2.1
any23-2.2
any23-2.3
any23-2.4

apache-any23-0.*

apache-any23-0.8.0
apache-any23-0.8.0RC2