CWE-611
AllowedImproper Restriction of XML External Entity Reference
Abstraction: Base · Status: Draft
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
1691 vulnerabilities reference this CWE, most recent first.
GHSA-VJ8X-7V7M-G9V3
Vulnerability from github – Published: 2022-05-14 03:19 – Updated: 2022-05-14 03:19In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service.
{
"affected": [],
"aliases": [
"CVE-2018-1183"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-30T20:29:00Z",
"severity": "CRITICAL"
},
"details": "In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service.",
"id": "GHSA-vj8x-7v7m-g9v3",
"modified": "2022-05-14T03:19:05Z",
"published": "2022-05-14T03:19:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1183"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2018/Apr/61"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJF8-HC3F-MPW4
Vulnerability from github – Published: 2022-07-30 00:00 – Updated: 2022-08-05 00:00Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2022-2414"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-29T19:15:00Z",
"severity": "HIGH"
},
"details": "Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.",
"id": "GHSA-vjf8-hc3f-mpw4",
"modified": "2022-08-05T00:00:23Z",
"published": "2022-07-30T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2414"
},
{
"type": "WEB",
"url": "https://github.com/dogtagpki/pki/pull/4021"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VJG9-7379-XQ82
Vulnerability from github – Published: 2022-02-26 00:00 – Updated: 2022-03-05 00:00In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
{
"affected": [],
"aliases": [
"CVE-2022-24340"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-25T15:15:00Z",
"severity": "CRITICAL"
},
"details": "In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.",
"id": "GHSA-vjg9-7379-xq82",
"modified": "2022-03-05T00:00:54Z",
"published": "2022-02-26T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24340"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VJR7-9X47-6RJ6
Vulnerability from github – Published: 2024-10-16 18:31 – Updated: 2024-10-16 18:31IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
{
"affected": [],
"aliases": [
"CVE-2024-45072"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-16T17:15:16Z",
"severity": "MODERATE"
},
"details": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.",
"id": "GHSA-vjr7-9x47-6rj6",
"modified": "2024-10-16T18:31:47Z",
"published": "2024-10-16T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45072"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7173263"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VJV6-GQ77-3MJW
Vulnerability from github – Published: 2020-07-07 16:32 – Updated: 2023-06-27 20:27Impact
A user can do to an XML External Entity (XXE) attack with the provided SDL style.
Patches
Use version >= 3.24
Workarounds
No
References
- https://cwe.mitre.org/data/definitions/611.html
- https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e
For more information
If you have any questions or comments about this advisory Comment the pull request: https://github.com/mapfish/mapfish-print/pull/1397
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.mapfish.print:print-lib"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.24"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.mapfish.print:print-servlet"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.24"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.mapfish.print:print-standalone"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-15232"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2020-07-07T16:32:20Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\nA user can do to an XML External Entity (XXE) attack with the provided SDL style.\n\n### Patches\nUse version \u003e= 3.24\n\n### Workarounds\nNo\n\n### References\n* https://cwe.mitre.org/data/definitions/611.html\n* https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e\n\n### For more information\nIf you have any questions or comments about this advisory Comment the pull request: https://github.com/mapfish/mapfish-print/pull/1397\n",
"id": "GHSA-vjv6-gq77-3mjw",
"modified": "2023-06-27T20:27:43Z",
"published": "2020-07-07T16:32:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mapfish/mapfish-print/security/advisories/GHSA-vjv6-gq77-3mjw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15232"
},
{
"type": "WEB",
"url": "https://github.com/mapfish/mapfish-print/pull/1397"
},
{
"type": "WEB",
"url": "https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e"
},
{
"type": "PACKAGE",
"url": "https://github.com/mapfish/mapfish-print"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "XXE attack in Mapfish Print"
}
GHSA-VMGC-J3J3-W739
Vulnerability from github – Published: 2022-02-11 00:01 – Updated: 2024-02-16 18:31Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
{
"affected": [],
"aliases": [
"CVE-2022-21282"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-19T12:15:00Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"id": "GHSA-vmgc-j3j3-w739",
"modified": "2024-02-16T18:31:02Z",
"published": "2022-02-11T00:01:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21282"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202209-05"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220121-0007"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5057"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5058"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VMM5-FJGX-2JHP
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-06-29 23:01Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-rt-ws-transfer"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.2.0"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-rt-ws-transfer"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf-rt-ws-transfer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44618"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-29T23:01:34Z",
"nvd_published_at": "2026-05-22T13:16:22Z",
"severity": "MODERATE"
},
"details": "Insecure XML parser configuration in Apache CXF\u0027s WS-Transfer module may allow attackers to perform XXE attacks.\nUsers are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.",
"id": "GHSA-vmm5-fjgx-2jhp",
"modified": "2026-06-29T23:01:34Z",
"published": "2026-05-26T13:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44618"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/cxf"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/c7vb015f8ljmjl44030mn0yfq71f7sd7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/22/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache CXF\u0027s WS-Transfer module has an insecure XML parser configuration"
}
GHSA-VP5F-8JGW-J53C
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2023-10-27 13:04Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Jenkins Subversion Plugin 2.13.2 disables external entity resolution for its XML parser.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:subversion"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.13.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-2304"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-21T19:38:14Z",
"nvd_published_at": "2020-11-04T15:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\nThis allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\nJenkins Subversion Plugin 2.13.2 disables external entity resolution for its XML parser.",
"id": "GHSA-vp5f-8jgw-j53c",
"modified": "2023-10-27T13:04:39Z",
"published": "2022-05-24T17:33:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2304"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/subversion-plugin/commit/83f24081114a465f88d44fc84180d4d9d02c705d"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/subversion-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2145"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/11/04/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "XXE vulnerability in Jenkins Subversion Plugin"
}
GHSA-VPFJ-5GG5-FVFM
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2023-01-05 20:21Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows a user able to control the input files for the 'Publish Cobertura Coverage Report' post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Cobertura Plugin 1.16 disables external entity resolution for its XML parser.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.15"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:cobertura"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-2138"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-05T20:21:53Z",
"nvd_published_at": "2020-03-09T16:15:00Z",
"severity": "HIGH"
},
"details": "Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.\n\nThis allows a user able to control the input files for the \u0027Publish Cobertura Coverage Report\u0027 post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\nCobertura Plugin 1.16 disables external entity resolution for its XML parser.",
"id": "GHSA-vpfj-5gg5-fvfm",
"modified": "2023-01-05T20:21:53Z",
"published": "2022-05-24T17:10:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2138"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/cobertura-plugin/commit/fdee535fe4782181d822b875c96df8306f245d48"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/cobertura-plugin"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1700"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/03/09/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "XXE vulnerability in Jenkins Cobertura Plugin"
}
GHSA-VPJ9-G8WM-99V5
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
{
"affected": [],
"aliases": [
"CVE-2018-10613"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-04T14:29:00Z",
"severity": "HIGH"
},
"details": "Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.",
"id": "GHSA-vpj9-g8wm-99v5",
"modified": "2022-05-13T01:34:59Z",
"published": "2022-05-13T01:34:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10613"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
},
{
"type": "WEB",
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104377"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Many XML parsers and validators can be configured to disable external entity expansion.
CAPEC-221: Data Serialization External Entities Blowup
This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.