Common Weakness Enumeration

CWE-611

Allowed

Improper Restriction of XML External Entity Reference

Abstraction: Base · Status: Draft

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1691 vulnerabilities reference this CWE, most recent first.

GHSA-Q48R-XG9H-78M8

Vulnerability from github – Published: 2022-11-15 12:00 – Updated: 2022-11-22 00:12
VLAI
Summary
Concrete CMS vulnerable to XML External Entity
Details

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "concrete5/concrete5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.5.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "concrete5/concrete5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-43689"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-22T00:12:47Z",
    "nvd_published_at": "2022-11-14T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.",
  "id": "GHSA-q48r-xg9h-78m8",
  "modified": "2022-11-22T00:12:47Z",
  "published": "2022-11-15T12:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43689"
    },
    {
      "type": "WEB",
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
    },
    {
      "type": "WEB",
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/concretecms/concretecms"
    },
    {
      "type": "WEB",
      "url": "https://github.com/concretecms/concretecms/releases/8.5.10"
    },
    {
      "type": "WEB",
      "url": "https://github.com/concretecms/concretecms/releases/9.1.3"
    },
    {
      "type": "WEB",
      "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Concrete CMS vulnerable to XML External Entity"
}

GHSA-Q4M6-R7VG-PR4J

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-25T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501.",
  "id": "GHSA-q4m6-r7vg-pr4j",
  "modified": "2022-05-13T01:33:06Z",
  "published": "2022-05-13T01:33:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1588"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143501"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731511"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q4MM-89Q2-XFFG

Vulnerability from github – Published: 2022-05-17 01:52 – Updated: 2024-02-09 16:27
VLAI
Summary
phpMyAdmin vulnerable to XML external entity (XXE) injection attack
Details

The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpmyadmin/phpmyadmin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.4.0"
            },
            {
              "fixed": "3.4.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpmyadmin/phpmyadmin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0"
            },
            {
              "fixed": "3.3.10.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-4107"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T16:27:56Z",
    "nvd_published_at": "2011-11-17T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The `simplexml_load_string` function in the XML import plug-in (`libraries/import/xml.php`) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.",
  "id": "GHSA-q4mm-89q2-xffg",
  "modified": "2024-02-09T16:27:57Z",
  "published": "2022-05-17T01:52:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4107"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751112"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71108"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/phpmyadmin/phpmyadmin"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2011/Nov/21"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8533"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2391"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/11/03/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/11/03/5"
    },
    {
      "type": "WEB",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "phpMyAdmin vulnerable to XML external entity (XXE) injection attack"
}

GHSA-Q4Q3-6VR4-QQ23

Vulnerability from github – Published: 2024-08-15 18:31 – Updated: 2024-08-15 21:31
VLAI
Details

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-15T18:15:19Z",
    "severity": "HIGH"
  },
  "details": "XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks.",
  "id": "GHSA-q4q3-6vr4-qq23",
  "modified": "2024-08-15T21:31:19Z",
  "published": "2024-08-15T18:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22218"
    },
    {
      "type": "WEB",
      "url": "https://docs.terminalfour.com/articles/release-notes-highlights"
    },
    {
      "type": "WEB",
      "url": "https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22218--cve-2024-22219"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q4XF-3PMQ-3HW8

Vulnerability from github – Published: 2022-01-06 20:41 – Updated: 2021-03-29 16:20
VLAI
Summary
Improper Restriction of XML External Entity Reference in Apache NiFi
Details

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.11.4"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.nifi:nifi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.12.0-RC1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-13940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-29T16:20:14Z",
    "nvd_published_at": "2020-10-01T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).",
  "id": "GHSA-q4xf-3pmq-3hw8",
  "modified": "2021-03-29T16:20:14Z",
  "published": "2022-01-06T20:41:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13940"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/nifi/commit/7f0416ee8bdcee95e28409cc6fae9c1394c2a798"
    },
    {
      "type": "WEB",
      "url": "https://nifi.apache.org/security#CVE-2020-13940"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Restriction of XML External Entity Reference in Apache NiFi"
}

GHSA-Q56H-JJJ6-52MF

Vulnerability from github – Published: 2022-05-17 01:24 – Updated: 2024-04-16 16:27
VLAI
Summary
Improper Restriction of XML External Entity Reference in Apache POI
Details

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.poi:poi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-3529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:42:15Z",
    "nvd_published_at": "2014-09-04T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-q56h-jjj6-52mf",
  "modified": "2024-04-16T16:27:05Z",
  "published": "2022-05-17T01:24:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3529"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/poi/commit/103b45073c7b504236588b3acc146530205af53c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/poi/commit/236c3c52a9b90688b2e57ec503559409e29f33ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/poi/commit/6050a68d5adfb4ffef1edb778add09bcee32d1c3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/poi/commit/d72bd78c19dfb7b57395a66ae8d9269d59a87bd2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/poi/commit/eabb6a924be24abb879372d0bc967e0d316b2cf8"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95770"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/poi"
    },
    {
      "type": "WEB",
      "url": "https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations"
    },
    {
      "type": "WEB",
      "url": "http://poi.apache.org/changes.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1370.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1398.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1399.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1400.html"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996759"
    },
    {
      "type": "WEB",
      "url": "http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Restriction of XML External Entity Reference in Apache POI"
}

GHSA-Q595-R7RH-MC9H

Vulnerability from github – Published: 2026-01-14 00:31 – Updated: 2026-01-14 00:31
VLAI
Details

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T23:15:52Z",
    "severity": "HIGH"
  },
  "details": "Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.",
  "id": "GHSA-q595-r7rh-mc9h",
  "modified": "2026-01-14T00:31:28Z",
  "published": "2026-01-14T00:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50899"
    },
    {
      "type": "WEB",
      "url": "https://geonetwork-opensource.org"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/50982"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/geonetwork-xml-external-entity-xxe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q695-424C-RGVG

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2022-05-24 19:13
VLAI
Details

An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access.",
  "id": "GHSA-q695-424c-rgvg",
  "modified": "2022-05-24T19:13:19Z",
  "published": "2022-05-24T19:13:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3055"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3055"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-Q6PR-2FQ6-V4RV

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:34
VLAI
Details

The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-07T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Transition Technologies \"The Scheduler\" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7",
  "id": "GHSA-q6pr-2fq6-v4rv",
  "modified": "2024-04-04T01:34:40Z",
  "published": "2022-05-24T16:52:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14383"
    },
    {
      "type": "WEB",
      "url": "https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server\u0026tab=versions"
    },
    {
      "type": "WEB",
      "url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-022_jira_plugin_the_scheduler.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q723-3768-2877

Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2022-05-14 03:10
VLAI
Details

The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-3208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-11T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery.",
  "id": "GHSA-q723-3768-2877",
  "modified": "2022-05-14T03:10:11Z",
  "published": "2022-05-14T03:10:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3208"
    },
    {
      "type": "WEB",
      "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/307983"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97384"
    },
    {
      "type": "WEB",
      "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration

Many XML parsers and validators can be configured to disable external entity expansion.

CAPEC-221: Data Serialization External Entities Blowup

This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.