GHSA-838r-hvwh-24h8

Suggest an improvement
Source
https://github.com/advisories/GHSA-838r-hvwh-24h8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-838r-hvwh-24h8/GHSA-838r-hvwh-24h8.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-838r-hvwh-24h8
Aliases
Published
2021-09-13T20:06:31Z
Modified
2023-11-01T04:56:00.252359Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
XML Injection in Any23
Details

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

Database specific
{
    "nvd_published_at": "2021-09-11T11:15:00Z",
    "github_reviewed_at": "2021-09-13T19:31:01Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-611"
    ]
}
References

Affected packages

Maven / org.apache.any23:apache-any23

Package

Name
org.apache.any23:apache-any23
View open source insights on deps.dev
Purl
pkg:maven/org.apache.any23/apache-any23

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5

Affected versions

0.*

0.7.0-incubating
0.8.0
0.9.0

1.*

1.0
1.1

2.*

2.0
2.1
2.2
2.3
2.4