Lucene search
Veracode Vulnerability DatabaseVERACODE:33035HistoryNov 21, 2021 - 10:33 a.m.
XML External Entity (XXE)
2021-11-2110:33:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
38
xml external entity
php
vulnerability
simplexml
lack of sanitization
EPSS
0.002
Percentile
52.4%
php is vulnerable to XML External Entity. The vulnerability exists due to a lack of sanitization via simplexml function.
References
bugs.php.net/bug.php?id=79971
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.12/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml
secdb.alpinelinux.org/v3.14/community.yaml
security.netapp.com/advisory/ntap-20211223-0005/
www.debian.org/security/2022/dsa-5082
www.tenable.com/security/tns-2022-09
Related
mageia
mageia
Updated php packages fix security vulnerability
2021-11-20 22:31:06
prion
prion
Code injection
2021-11-29 07:15:00
osv
osv
php8-8.0.13-1.1 on GA media
2024-06-15 00:00:00
BIT-php-2021-21707
2024-03-06 11:04:43
php7-7.4.26-1.1 on GA media
2024-06-15 00:00:00
nessus
nessus
PHP 7.4.x < 7.4.26
2021-11-18 00:00:00
SUSE SLED12 / SLES12 Security Update : php74 (SUSE-SU-2021:3927-1)
2021-12-07 00:00:00
EulerOS 2.0 SP3 : php (EulerOS-SA-2022-1755)
2022-05-26 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: php-7.4.26-1.fc33
2021-11-25 01:05:22
[SECURITY] Fedora 34 Update: php-7.4.26-1.fc34
2021-11-25 00:59:03
[SECURITY] Fedora 35 Update: php-8.0.13-1.fc35
2021-11-26 01:22:42
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.0 version 8.0.13-alt1
2021-12-01 00:00:00
Security fix for the ALT Linux 9 package php7 version 7.3.33-alt1
2021-11-29 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.0.13-alt1
2021-11-20 00:00:00
redhatcve
redhatcve
CVE-2021-21707
2021-11-23 17:18:07
openvas
openvas
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2022-1755)
2022-05-25 00:00:00
PHP < 7.3.33, 7.4.x < 7.4.26, 8.0.x < 8.0.13 Security Update (Nov 2021) - Windows
2021-11-19 00:00:00
Fedora: Security Advisory for php (FEDORA-2021-88ba46f2b2)
2021-12-04 00:00:00
cve
cve
CVE-2021-21707
2021-11-29 07:15:06
debiancve
debiancve
CVE-2021-21707
2021-11-29 07:15:06
cvelist
cvelist
CVE-2021-21707 Special characters break path parsing in XML functions
2021-11-29 06:25:08
nvd
nvd
CVE-2021-21707
2021-11-29 07:15:06
cbl_mariner
cbl_mariner
CVE-2021-21707 affecting package php 7.4.14-3
2024-10-01 09:12:11
checkpoint_advisories
checkpoint_advisories
PHP XML Parser Remote Code Execution (CVE-2021-21707)
2022-02-20 00:00:00
ubuntucve
ubuntucve
CVE-2021-21707
2021-11-29 00:00:00
alpinelinux
alpinelinux
CVE-2021-21707
2021-11-29 07:15:06
suse
suse
Recommended update for php7 (moderate)
2021-12-10 00:00:00
Recommended update for php7 (moderate)
2021-12-06 00:00:00
Security update for php8 (important)
2022-07-06 00:00:00
debian
debian
[SECURITY] [DSA 5082-1] php7.4 security update
2022-02-18 19:09:20
[SECURITY] [DLA 3243-1] php7.3 security update
2022-12-15 18:33:17
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2022-11-15 00:00:00
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
redhat
redhat
(RHSA-2022:7628) Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
(RHSA-2022:5491) Important: rh-php73-php security and bug fix update
2022-07-04 07:07:16
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 00:00:00
ibm
ibm
ubuntu
ubuntu
PHP vulnerabilities
2022-03-07 00:00:00
PHP vulnerabilities
2022-02-22 00:00:00
PHP vulnerabilities
2022-03-03 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00