Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:3851
HistoryApr 06, 2017 - 7:36 a.m.

XML External Entity (XXE)

2017-04-0607:36:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4

0.003 Low

EPSS

Percentile

71.5%

JSON

amf-serializer is vulnerable to to XML External Entity (XXE). The library’s AMF3 deserializers allow for external entity references from XML documents embedded in AMF3 messages.

CPENameOperatorVersion
amf-serializerle2.2.0

Related

prion 1
cvelist 1
cve 1
nvd 1
seebug 1
cert 1
prion
prion
Server side request forgery (ssrf)
2018-06-11 17:29:00
cvelist
cvelist
CVE-2017-3206 The Action Message Format (AMF3) deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages
2018-06-11 17:00:00
cve
cve
CVE-2017-3206
2018-06-11 17:29:00
nvd
nvd
CVE-2017-3206
2018-06-11 17:29:00
seebug
seebug
AMF3 Java implementations Improper Restriction of XML External Entity Reference ('XXE')
2017-04-06 00:00:00
cert
cert
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
2017-04-04 00:00:00

0.003 Low

EPSS

Percentile

71.5%

JSON
Related for VERACODE:3851
prion1cvelist1cve1nvd1seebug1cert1