GHSA-cr8h-fr86-8vfv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cr8h-fr86-8vfv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-cr8h-fr86-8vfv/GHSA-cr8h-fr86-8vfv.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-cr8h-fr86-8vfv
- Aliases
- Published
- 2023-12-15T12:30:25Z
- Modified
- 2024-02-20T05:34:20.477270Z
- Severity
-
- 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- WSO2 products vulnerable to XML External Entity attack
- Details
-
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
- Database specific
{ "cwe_ids": [ "CWE-611" ], "github_reviewed": true, "nvd_published_at": "2023-12-15T10:15:09Z", "severity": "MODERATE", "github_reviewed_at": "2023-12-19T20:52:53Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-6836
- https://github.com/wso2/carbon-analytics-common/commit/9478336859306d3ea13b25cb386f29c183707fde
- https://github.com/wso2/carbon-commons/commit/a08a587e3dd5146121a7b47a0fdd06ddbcd903f4
- https://github.com/wso2/carbon-event-processing/commit/e9953afd46a45f704de341a081f710cbdfa3f975
- https://github.com/wso2/carbon-governance/commit/ad36968d5a11d4fc35fa5cc4e8b5ae9a04e5bb4c
- https://github.com/wso2/carbon-registry/commit/738b2a0b3e5f118527da236467ed72d9fd9ce40e
- https://github.com/wso2/product-apim/commit/96e8f5d6566d57bbbb8d4257f6f55057a79d00b5
- https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716
Affected packages
Maven
org.wso2.carbon.commons:org.wso2.carbon.ntask.core
Package
- Name
- org.wso2.carbon.commons:org.wso2.carbon.ntask.core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wso2.carbon.commons/org.wso2.carbon.ntask.core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.7.24
Affected versions
4.*
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9
4.5.0-alpha1
4.5.0-beta1
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.7
4.5.8
4.5.9
4.5.10
4.5.11
4.5.12
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.6.8
4.6.9
4.6.10
4.6.11
4.6.12
4.6.13
4.6.14
4.6.15
4.6.16
4.6.17
4.6.18
4.6.19
4.6.20
4.6.21
4.6.22
4.6.23
4.6.24
4.6.25
4.6.26
4.6.27
4.6.28
4.6.29
4.6.30
4.6.31
4.6.32
4.6.33
4.6.34
4.6.35
4.6.36
4.6.37
4.6.38
4.6.39
4.6.40
4.6.41
4.6.42
4.6.43
4.6.44
4.6.45
4.6.46
4.6.47
4.6.48
4.6.49
4.6.50
4.6.51
4.6.52
4.6.53
4.6.54
4.6.55
4.6.56
4.6.57
4.6.58
4.6.59
4.6.60
4.6.61
4.6.62
4.6.63
4.6.64
4.6.65
4.7.12
4.7.13
4.7.20
4.7.21
4.7.22
org.wso2.am:wso2am
Package
- Name
- org.wso2.am:wso2am
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wso2.am/wso2am
org.wso2.carbon.registry:org.wso2.carbon.registry.extensions
Package
- Name
- org.wso2.carbon.registry:org.wso2.carbon.registry.extensions
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wso2.carbon.registry/org.wso2.carbon.registry.extensions
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.7.31
Affected versions
4.*
4.6.11
4.6.12
4.6.13
4.6.14
4.6.15
4.6.16
4.6.17
4.6.18
4.6.19
4.6.20
4.6.21
4.6.22
4.6.23
4.6.24
4.6.25
4.6.26
4.6.27
4.6.28
4.6.29
4.6.30
4.6.31
4.6.32
4.6.33
4.6.34
4.6.35
4.6.36
4.6.37
4.6.38
4.6.39
4.6.40
4.6.41
4.6.42
4.7.13
4.7.14
4.7.15
4.7.16
4.7.17
4.7.25
4.7.26
4.7.27
4.7.28
org.wso2.carbon.event-processing:org.wso2.carbon.event.processor.core
Package
- Name
- org.wso2.carbon.event-processing:org.wso2.carbon.event.processor.core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wso2.carbon.event-processing/org.wso2.carbon.event.processor.core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.12
Affected versions
2.*
2.0.1
2.0.2
2.0.3
2.0.4-alpha
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13-alpha
2.0.13-alpha2
2.0.13-beta
2.0.13-beta2
2.1.0-alpha
2.1.0-beta
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.2.6
org.wso2.carbon.analytics-common:org.wso2.carbon.event.input.adapter.core
Package
- Name
- org.wso2.carbon.analytics-common:org.wso2.carbon.event.input.adapter.core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.input.adapter.core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.23
Affected versions
1.*
1.0.0
2.*
2.0.0-alpha
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12-alpha
5.0.12-alpha2
5.0.12-beta
5.0.12-beta2
5.1.0-alpha
5.1.0-beta
5.1.0
5.1.1
5.1.2-alpha
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
5.1.11
5.1.12
5.1.13
5.1.14
5.1.15
5.1.16
5.1.17
5.1.18
5.1.19
5.1.20
5.1.21
5.1.22
5.1.23
5.1.24
5.1.25
5.1.26
5.1.27
5.1.28
5.1.29
5.1.30
5.1.31
5.1.32
5.1.33
5.1.34
5.1.35
5.1.36
5.1.37
5.1.38
5.1.39
5.1.40
5.1.41
5.1.42
5.1.43
5.1.44
5.1.45
5.1.46
5.1.47
5.1.48
5.1.49
5.1.50
5.1.51
5.1.52
5.1.53
5.1.54
5.1.55
5.1.56
5.1.57
5.1.59
5.1.61
5.1.62
5.1.63
5.2.11
5.2.12
5.2.13
5.2.19
org.wso2.carbon.governance:org.wso2.carbon.governance.common
Package
- Name
- org.wso2.carbon.governance:org.wso2.carbon.governance.common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wso2.carbon.governance/org.wso2.carbon.governance.common
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.8.13
Affected versions
4.*
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
4.6.0
4.6.1
4.6.2-alpha
4.6.2-alpha2
4.6.2-beta
4.6.2
4.6.3
4.6.4
4.6.5
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
4.7.10
4.7.11
4.7.12
4.7.13
4.7.14
4.7.15
4.7.16
4.7.17
4.7.18
4.7.19
4.7.20
4.7.21
4.7.22
4.7.23
4.7.24
4.7.25
4.7.26
4.7.27
4.7.28
4.7.29
4.8.9
4.8.10