CWE-611
AllowedImproper Restriction of XML External Entity Reference
Abstraction: Base · Status: Draft
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
1694 vulnerabilities reference this CWE, most recent first.
GHSA-3PPH-2595-CGFH
Vulnerability from github – Published: 2018-10-17 19:55 – Updated: 2024-03-04 20:32This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the &dataConfig=<inlinexml> parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.solr:solr-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.2"
},
{
"fixed": "6.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.solr:solr-core"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1308"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:55:43Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `\u0026dataConfig=\u003cinlinexml\u003e` parameter of Solr\u0027s DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.",
"id": "GHSA-3pph-2595-cgfh",
"modified": "2024-03-04T20:32:45Z",
"published": "2018-10-17T19:55:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1308"
},
{
"type": "WEB",
"url": "https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450"
},
{
"type": "WEB",
"url": "https://github.com/apache/lucene-solr/commit/739a7933"
},
{
"type": "WEB",
"url": "https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-3pph-2595-cgfh"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/SOLR-11971"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4194"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "There is a XML external entity expansion (XXE) vulnerability in Apache Solr "
}
GHSA-3PPR-72X5-X67Q
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2024-01-04 12:11Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jvnet.hudson.plugins:mstest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-24441"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-27T01:03:33Z",
"nvd_published_at": "2023-01-26T21:18:00Z",
"severity": "CRITICAL"
},
"details": "Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
"id": "GHSA-3ppr-72x5-x67q",
"modified": "2024-01-04T12:11:28Z",
"published": "2023-01-26T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24441"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/mstest-plugin/commit/f9b9b0cbdf7559fdd8fc4004e5a242f5801daa67"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/mstest-plugin/releases/tag/mstest-1.0.1"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2292"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "XML external entity vulnerability on agents in Jenkins MSTest Plugin "
}
GHSA-3PR4-6X9M-839X
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.
{
"affected": [],
"aliases": [
"CVE-2021-37178"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-10T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Solid Edge SE2021 (All Versions \u003c SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.",
"id": "GHSA-3pr4-6x9m-839x",
"modified": "2022-05-24T19:10:37Z",
"published": "2022-05-24T19:10:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37178"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3Q62-H7X3-478P
Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2022-05-17 03:05XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
{
"affected": [],
"aliases": [
"CVE-2016-10097"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-02T09:59:00Z",
"severity": "HIGH"
},
"details": "XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.",
"id": "GHSA-3q62-h7x3-478p",
"modified": "2022-05-17T03:05:21Z",
"published": "2022-05-17T03:05:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10097"
},
{
"type": "WEB",
"url": "https://twitter.com/h02332/status/816252923688665088"
},
{
"type": "WEB",
"url": "http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95174"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3QJF-F83F-X2PM
Vulnerability from github – Published: 2022-05-17 01:09 – Updated: 2022-05-17 01:09XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.
{
"affected": [],
"aliases": [
"CVE-2015-3160"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-06T21:29:00Z",
"severity": "MODERATE"
},
"details": "XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server\u0027s file system.",
"id": "GHSA-3qjf-f83f-x2pm",
"modified": "2022-05-17T01:09:27Z",
"published": "2022-05-17T01:09:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3160"
},
{
"type": "WEB",
"url": "https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1020003"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215020"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/05/08/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74569"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3QPG-33WR-533J
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-04-20 19:13An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "info.magnolia:magnolia-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-46365"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-14T22:44:02Z",
"nvd_published_at": "2022-02-11T21:15:00Z",
"severity": "HIGH"
},
"details": "An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file.",
"id": "GHSA-3qpg-33wr-533j",
"modified": "2022-04-20T19:13:59Z",
"published": "2022-02-12T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46365"
},
{
"type": "WEB",
"url": "https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory"
},
{
"type": "WEB",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46365-Unsafe%20XML%20Parsing-Magnolia%20CMS"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Restriction of XML External Entity Reference in Magnolia CMS"
}
GHSA-3QWC-GVHP-6F85
Vulnerability from github – Published: 2022-11-16 12:00 – Updated: 2022-11-21 15:30A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.
{
"affected": [],
"aliases": [
"CVE-2022-20938"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-15T21:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.",
"id": "GHSA-3qwc-gvhp-6f85",
"modified": "2022-11-21T15:30:21Z",
"published": "2022-11-16T12:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20938"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3QWH-G5RX-3XC3
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2025-04-12 12:48Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2015-2125"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-06-07T18:59:00Z",
"severity": "MODERATE"
},
"details": "Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.",
"id": "GHSA-3qwh-g5rx-3xc3",
"modified": "2025-04-12T12:48:30Z",
"published": "2022-05-13T01:38:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2125"
},
{
"type": "WEB",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04695307"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/37250"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/75036"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032478"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3QX8-HG75-RQ29
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
{
"affected": [],
"aliases": [
"CVE-2018-12463"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-12T16:29:00Z",
"severity": "CRITICAL"
},
"details": "An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.",
"id": "GHSA-3qx8-hg75-rq29",
"modified": "2022-05-13T01:16:16Z",
"published": "2022-05-13T01:16:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12463"
},
{
"type": "WEB",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45027"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041286"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3R39-XHJJ-CWP2
Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2021-12-16 00:02dbeaver is vulnerable to Improper Restriction of XML External Entity Reference
{
"affected": [],
"aliases": [
"CVE-2021-3836"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T16:15:00Z",
"severity": "MODERATE"
},
"details": "dbeaver is vulnerable to Improper Restriction of XML External Entity Reference",
"id": "GHSA-3r39-xhjj-cwp2",
"modified": "2021-12-16T00:02:25Z",
"published": "2021-12-15T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3836"
},
{
"type": "WEB",
"url": "https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/a98264fb-1930-4c7c-b774-af24c0175fd4"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Many XML parsers and validators can be configured to disable external entity expansion.
CAPEC-221: Data Serialization External Entities Blowup
This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.