Lucene search
Veracode Vulnerability DatabaseVERACODE:7343HistoryAug 23, 2018 - 2:26 a.m.
XML External Entity (XXE)
2018-08-2302:26:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
28.5%
Apache cayenne-server is vulnerable to XML external entity (XXE). The XML external entity declaration is not disabled in the XML parser of the CayenneModeler and allows an attacker to access local or remote content via a declared system identifier.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cayenne-server: cayenne server | eq | 4.1.M1 | |
| cayenne-server: cayenne server | le | 4.0.RC1 |
References
github.com/apache/cayenne/commit/5714108e8a4dabbc89957f562ad46035064ef731
github.com/apache/cayenne/commit/6fc896b65ed871be33dcf453cde924bf73cf83db
github.com/apache/cayenne/commit/8d4c83abed024fc3a698148a122429022b89b590
lists.apache.org/thread.html/ed60a4d329be3c722f105317ca883986dfcd17615c70d1df87f4528c@%3Cuser.cayenne.apache.org%3E
Related
osv
osv
XML External Entity Reference in Apache Cayenne
2022-05-14 02:02:28
CVE-2018-11758
2018-08-22 20:29:00
nvd
nvd
CVE-2018-11758
2018-08-22 20:29:00
cvelist
cvelist
CVE-2018-11758
2018-08-22 00:00:00
prion
prion
Xxe
2018-08-22 20:29:00
github
github
XML External Entity Reference in Apache Cayenne
2022-05-14 02:02:28
cve
cve
CVE-2018-11758
2018-08-22 20:29:00