Common Weakness Enumeration

CWE-112

Allowed

Missing XML Validation

Abstraction: Base · Status: Draft

The product accepts XML from an untrusted source but does not validate the XML against the proper schema.

18 vulnerabilities reference this CWE, most recent first.

GHSA-4WQH-M4M9-QJM8

Vulnerability from github – Published: 2023-10-10 03:30 – Updated: 2024-04-04 08:26
VLAI
Details

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T02:15:10Z",
    "severity": "HIGH"
  },
  "details": "SAP PowerDesigner\u00a0Client\u00a0- version 16.7, does not sufficiently validate BPMN2\u00a0XML document imported from an untrusted source. As a result, URLs of\u00a0external entities in BPMN2 file, although not used, would be accessed\u00a0during import.\u00a0A successful attack could impact availability of SAP PowerDesigner\u00a0Client.\n\n",
  "id": "GHSA-4wqh-m4m9-qjm8",
  "modified": "2024-04-04T08:26:52Z",
  "published": "2023-10-10T03:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40310"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3357154"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63V5-26VQ-M4VM

Vulnerability from github – Published: 2026-01-26 21:30 – Updated: 2026-03-06 00:31
VLAI
Summary
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
Details

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "26.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-1190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112",
      "CWE-347",
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-27T21:56:13Z",
    "nvd_published_at": "2026-01-26T20:16:09Z",
    "severity": "LOW"
  },
  "details": "A flaw was found in Keycloak\u0027s SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.",
  "id": "GHSA-63v5-26vq-m4vm",
  "modified": "2026-03-06T00:31:28Z",
  "published": "2026-01-26T21:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/issues/45646"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3947"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3948"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-1190"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak\u0027s missing timestamp validation allows attackers to extend SAML response validity periods"
}

GHSA-7J4H-8WPF-RQFH

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2024-03-05 17:50
VLAI
Summary
Missing XML Validation in Apache Xerces2
Details

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "xerces:xercesImpl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-4002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:14:49Z",
    "nvd_published_at": "2013-07-23T11:03:00Z",
    "severity": "HIGH"
  },
  "details": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.",
  "id": "GHSA-7j4h-8wpf-rqfh",
  "modified": "2024-03-05T17:50:14Z",
  "published": "2022-05-13T01:01:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4002"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/xerces2-j/commit/266e837852e0f0e3c8c1ad572b6fc4dbb4ded17"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0414"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/xerces2-j"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5982"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2033-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2089-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Missing XML Validation in Apache Xerces2"
}

GHSA-PRC3-7F44-W48J

Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2025-04-14 21:41
VLAI
Summary
Missing XML Validation in Apache Tomcat
Details

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-jasper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-0119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:52:38Z",
    "nvd_published_at": "2014-05-31T11:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
  "id": "GHSA-prc3-7f44-w48j",
  "modified": "2025-04-14T21:41:44Z",
  "published": "2022-05-14T01:10:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/May/141"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59732"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59873"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60729"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-8.html"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3530"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3552"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/67669"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030298"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2654-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Missing XML Validation in Apache Tomcat"
}

GHSA-QCFC-HMRC-59X7

Vulnerability from github – Published: 2026-01-11 15:31 – Updated: 2026-01-16 19:10
VLAI
Summary
Apache Struts 2 is Missing XML Validation
Details

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "last_affected": "2.3.37"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "last_affected": "2.5.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 2.2.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.opensymphony:xwork"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 6.1.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts.xwork:xwork-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112",
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-13T21:49:00Z",
    "nvd_published_at": "2026-01-11T13:15:45Z",
    "severity": "HIGH"
  },
  "details": "Missing XML Validation vulnerability in Apache Struts, Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.",
  "id": "GHSA-qcfc-hmrc-59x7",
  "modified": "2026-01-16T19:10:45Z",
  "published": "2026-01-11T15:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493"
    },
    {
      "type": "WEB",
      "url": "https://cwiki.apache.org/confluence/display/WW/S2-069"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/struts"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/01/11/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Struts 2 is Missing XML Validation"
}

GHSA-RV48-743J-57HJ

Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00
VLAI
Details

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-28213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-12T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.",
  "id": "GHSA-rv48-743j-57hj",
  "modified": "2022-04-21T00:00:53Z",
  "published": "2022-04-13T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28213"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3055044"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-Injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VP63-RRCM-9MPH

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2024-02-27 23:11
VLAI
Summary
Missing XML Validation in Spring Framework
Details

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.2.3.RELEASE"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-oxm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.4.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-7315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T23:18:12Z",
    "nvd_published_at": "2014-01-23T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.  NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.",
  "id": "GHSA-vp63-rrcm-9mph",
  "modified": "2024-02-27T23:11:42Z",
  "published": "2022-05-13T01:02:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7315"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/issues/15432"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7"
    },
    {
      "type": "WEB",
      "url": "https://jira.spring.io/browse/SPR-10806?redirect=false"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2013/Aug/154"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2013/Nov/14"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-2842"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77998"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Missing XML Validation in Spring Framework"
}

GHSA-W848-G5CV-J7WM

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44
VLAI
Details

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27282"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-112"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-15T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.",
  "id": "GHSA-w848-g5cv-j7wm",
  "modified": "2022-05-24T17:44:36Z",
  "published": "2022-05-24T17:44:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27282"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-047-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Strategy: Input Validation

  • Always validate XML input against a known XML Schema or DTD.
  • It is not possible for an XML parser to validate all aspects of a document's content because a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.
CAPEC-230: Serialized Data with Nested Payloads

Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.

CAPEC-231: Oversized Serialized Data Payloads

An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.