0.003 Low
EPSS
Percentile
71.5%
amf-serializer is vulnerable to to XML External Entity (XXE). The library’s AMF3 deserializers allow for external entity references from XML documents embedded in AMF3 messages.
codewhitesec.blogspot.sg/2017/04/amf.html
www.securityfocus.com/bid/97380
www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution
codewhitesec.blogspot.com/2017/04/amf.html
www.kb.cert.org/vuls/id/307983
www.sourceclear.com/registry/security/xml-external-entity-xxe-/java/sid-1764