CWE-112
AllowedMissing XML Validation
Abstraction: Base · Status: Draft
The product accepts XML from an untrusted source but does not validate the XML against the proper schema.
18 vulnerabilities reference this CWE, most recent first.
GHSA-4WQH-M4M9-QJM8
Vulnerability from github – Published: 2023-10-10 03:30 – Updated: 2024-04-04 08:26SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.
{
"affected": [],
"aliases": [
"CVE-2023-40310"
],
"database_specific": {
"cwe_ids": [
"CWE-112"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T02:15:10Z",
"severity": "HIGH"
},
"details": "SAP PowerDesigner\u00a0Client\u00a0- version 16.7, does not sufficiently validate BPMN2\u00a0XML document imported from an untrusted source. As a result, URLs of\u00a0external entities in BPMN2 file, although not used, would be accessed\u00a0during import.\u00a0A successful attack could impact availability of SAP PowerDesigner\u00a0Client.\n\n",
"id": "GHSA-4wqh-m4m9-qjm8",
"modified": "2024-04-04T08:26:52Z",
"published": "2023-10-10T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40310"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3357154"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-63V5-26VQ-M4VM
Vulnerability from github – Published: 2026-01-26 21:30 – Updated: 2026-03-06 00:31A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "26.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1190"
],
"database_specific": {
"cwe_ids": [
"CWE-112",
"CWE-347",
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-27T21:56:13Z",
"nvd_published_at": "2026-01-26T20:16:09Z",
"severity": "LOW"
},
"details": "A flaw was found in Keycloak\u0027s SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.",
"id": "GHSA-63v5-26vq-m4vm",
"modified": "2026-03-06T00:31:28Z",
"published": "2026-01-26T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/issues/45646"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-1190"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak\u0027s missing timestamp validation allows attackers to extend SAML response validity periods"
}
GHSA-7J4H-8WPF-RQFH
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2024-03-05 17:50XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "xerces:xercesImpl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-4002"
],
"database_specific": {
"cwe_ids": [
"CWE-112"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-08T19:14:49Z",
"nvd_published_at": "2013-07-23T11:03:00Z",
"severity": "HIGH"
},
"details": "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.",
"id": "GHSA-7j4h-8wpf-rqfh",
"modified": "2024-03-05T17:50:14Z",
"published": "2022-05-13T01:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4002"
},
{
"type": "WEB",
"url": "https://github.com/apache/xerces2-j/commit/266e837852e0f0e3c8c1ad572b6fc4dbb4ded17"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/xerces2-j"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/XERCESJ-1679"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=138674031212883\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=138674073720143\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1818.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1821.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1822.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1823.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5982"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=965250\u0026r2=1499506\u0026view=patch"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653371"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657539"
},
{
"type": "WEB",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"
},
{
"type": "WEB",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_filenet_content_manager_and_ibm_content_foundation_xml_4j_denial_of_service_attack_cve_2013_4002"
},
{
"type": "WEB",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21648172"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2033-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2089-1"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Missing XML Validation in Apache Xerces2"
}
GHSA-PRC3-7F44-W48J
Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2025-04-14 21:41Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.54"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.54"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.54"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-0119"
],
"database_specific": {
"cwe_ids": [
"CWE-112"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-07T22:52:38Z",
"nvd_published_at": "2014-05-31T11:17:00Z",
"severity": "MODERATE"
},
"details": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
"id": "GHSA-prc3-7f44-w48j",
"modified": "2025-04-14T21:41:44Z",
"published": "2022-05-14T01:10:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/d59fd4398c8ae6361e0b13c491f66b51e49a7441"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/7d33457de5fc5a652a88fb9bbc9ba4cbbda58f04"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/77e014cef5d5af619bcf77eaebf22c284d420802"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/69a8a72283c3395ece8b899cf8562e126de97a27"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/51e59532ad4c604f55575963dc7a7f0250cb420f"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/4d90e355dc5ced4c53585c2b4700f71a52d8f447"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/25251de791a6a7be13f2f3d3a66119a77025272d"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/f8b316acbbf9fabf87cc137e9777e912eda0d834"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/ebe5c16f18ce1559e8462a94b3876a98525980d2"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/080878ea519d8c74c53721a9ebf7be6fcf6f1f2f"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/50311bed8d87e452ff0e69838ba312c4fe899b2d"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/5517c5517e8a7ddb994504f0c5c05001a376b10c"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/5aae1323c31d643afa9f2db80713b8e97b5123af"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/6246d8307fb5f2b4ff0b0f4d6d1b0250dff01a81"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/769477b9bc8442db3f571385fa0c3e206242cbf1"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/934f884f330dad192d2c5dc950e28f4cd281461b"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/ad3b34a290a0255d2a4c356a3611ab41ed9d04f5"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/ce70ee6b8fe437a498a375215011056702b0c481"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/May/141"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59732"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59873"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/60729"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3552"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/67669"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1030298"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2654-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Missing XML Validation in Apache Tomcat"
}
GHSA-QCFC-HMRC-59X7
Vulnerability from github – Published: 2026-01-11 15:31 – Updated: 2026-01-16 19:10Missing XML Validation vulnerability in Apache Struts, Apache Struts.
This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"last_affected": "2.3.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"last_affected": "2.5.33"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2.2.1"
},
"package": {
"ecosystem": "Maven",
"name": "com.opensymphony:xwork"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 6.1.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts.xwork:xwork-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68493"
],
"database_specific": {
"cwe_ids": [
"CWE-112",
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-13T21:49:00Z",
"nvd_published_at": "2026-01-11T13:15:45Z",
"severity": "HIGH"
},
"details": "Missing XML Validation vulnerability in Apache Struts, Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.",
"id": "GHSA-qcfc-hmrc-59x7",
"modified": "2026-01-16T19:10:45Z",
"published": "2026-01-11T15:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493"
},
{
"type": "WEB",
"url": "https://cwiki.apache.org/confluence/display/WW/S2-069"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/struts"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/01/11/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Struts 2 is Missing XML Validation"
}
GHSA-RV48-743J-57HJ
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-04-21 00:00When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.
{
"affected": [],
"aliases": [
"CVE-2022-28213"
],
"database_specific": {
"cwe_ids": [
"CWE-112"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-12T17:15:00Z",
"severity": "HIGH"
},
"details": "When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.",
"id": "GHSA-rv48-743j-57hj",
"modified": "2022-04-21T00:00:53Z",
"published": "2022-04-13T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28213"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3055044"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-Injection.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VP63-RRCM-9MPH
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2024-02-27 23:11The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.3.RELEASE"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework:spring-oxm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.4.RELEASE"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-7315"
],
"database_specific": {
"cwe_ids": [
"CWE-112"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-07T23:18:12Z",
"nvd_published_at": "2014-01-23T21:55:00Z",
"severity": "MODERATE"
},
"details": "The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.",
"id": "GHSA-vp63-rrcm-9mph",
"modified": "2024-02-27T23:11:42Z",
"published": "2022-05-13T01:02:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7315"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/issues/15432"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7"
},
{
"type": "WEB",
"url": "https://jira.spring.io/browse/SPR-10806?redirect=false"
},
{
"type": "WEB",
"url": "http://seclists.org/bugtraq/2013/Aug/154"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2013/Nov/14"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-2842"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/77998"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Missing XML Validation in Spring Framework"
}
GHSA-W848-G5CV-J7WM
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.
{
"affected": [],
"aliases": [
"CVE-2020-27282"
],
"database_specific": {
"cwe_ids": [
"CWE-112"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-15T22:15:00Z",
"severity": "MODERATE"
},
"details": "In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.",
"id": "GHSA-w848-g5cv-j7wm",
"modified": "2022-05-24T17:44:36Z",
"published": "2022-05-24T17:44:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27282"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-047-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Strategy: Input Validation
- Always validate XML input against a known XML Schema or DTD.
- It is not possible for an XML parser to validate all aspects of a document's content because a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed.
CAPEC-230: Serialized Data with Nested Payloads
Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.
CAPEC-231: Oversized Serialized Data Payloads
An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.