Lucene search

GitHub Advisory DatabaseGHSA-52WR-3VWW-RMPQ

HistoryMay 17, 2022 - 4:44 a.m.

SOAPpy vulnerable to XML External Entity attacks

2022-05-1704:44:24

CWE-611

GitHub Advisory Database

github.com

soappy

xml external entity

vulnerability

remote attackers

soap request

arbitrary files

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.004

Percentile

72.0%

JSON

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

Vulners

Node

soappyRange≤0.12.5

VendorProductVersionCPE
*soappy*cpe:2.3:a:*:soappy:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	soappy	*	cpe:2.3:a::soappy::::::::*

References

seclists.org/fulldisclosure/2014/May/20

www.openwall.com/lists/oss-security/2014/05/06/1

www.openwall.com/lists/oss-security/2014/05/06/9

github.com/advisories/GHSA-52wr-3vww-rmpq

nvd.nist.gov/vuln/detail/CVE-2014-3242

web.archive.org/web/20150501220613/www.pnigos.com/?p=260

web.archive.org/web/20200229062311/www.securityfocus.com/bid/67216

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.004

Percentile

72.0%

JSON

Related for GHSA-52WR-3VWW-RMPQ