Lucene search

K

GoogleOSV:GHSA-RGH3-987H-WPMW

HistoryJun 30, 2020 - 10:48 p.m.

XML External Entity Injection in XStream

2020-06-3022:48:14

Google

osv.dev

43

EPSS

0.002

Percentile

55.3%

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

References

lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html

lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html

rhn.redhat.com/errata/RHSA-2016-2822.html

rhn.redhat.com/errata/RHSA-2016-2823.html

www.debian.org/security/2016/dsa-3575

www.openwall.com/lists/oss-security/2016/03/25/8

www.openwall.com/lists/oss-security/2016/03/28/1

www.securityfocus.com/bid/85381

www.securitytracker.com/id/1036419

x-stream.github.io/changes.html#1.4.9

github.com/x-stream/xstream

github.com/x-stream/xstream/issues/25

nvd.nist.gov/vuln/detail/CVE-2016-3674

snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-30385

EPSS

0.002

Percentile

55.3%

Related for OSV:GHSA-RGH3-987H-WPMW

openvas7 debian2 nessus7 fedora3 atlassian4 nvd1 github1 ibm5 debiancve1 osv3 cve1 prion1 ubuntucve1 mageia1 cvelist1 redhat2 ubuntu1 oracle1