Common Weakness Enumeration

CWE-611

Allowed

Improper Restriction of XML External Entity Reference

Abstraction: Base · Status: Draft

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1694 vulnerabilities reference this CWE, most recent first.

GHSA-6CMX-5PQJ-8H85

Vulnerability from github – Published: 2023-03-14 06:30 – Updated: 2023-03-21 18:30
VLAI
Details

SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-14T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.",
  "id": "GHSA-6cmx-5pqj-8h85",
  "modified": "2023-03-21T18:30:20Z",
  "published": "2023-03-14T06:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26461"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3284550"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6CPJ-3G83-Q2J4

Vulnerability from github – Published: 2022-05-17 04:50 – Updated: 2022-07-12 21:32
VLAI
Summary
Improper Restriction of XML External Entity Reference in Apache Solr
Details

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.solr:solr-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-6612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-12T21:32:13Z",
    "nvd_published_at": "2013-12-07T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.",
  "id": "GHSA-6cpj-3g83-q2j4",
  "modified": "2022-07-12T21:32:13Z",
  "published": "2022-05-17T04:50:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6612"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/lucene-solr"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/SOLR-3895"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Restriction of XML External Entity Reference in Apache Solr"
}

GHSA-6CR6-PH3P-F5RF

Vulnerability from github – Published: 2024-09-06 19:45 – Updated: 2024-09-06 19:45
VLAI
Summary
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
Details

Impact

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML.

Patches

This issue has been patched in release 6.3.23

Workarounds

None.

References

MITRE CWE OWASP XML External Entity Prevention Cheat Sheet

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ca.uhn.hapi.fhir:org.hl7.fhir.dstu3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ca.uhn.hapi.fhir:org.hl7.fhir.r4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ca.uhn.hapi.fhir:org.hl7.fhir.r4b"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ca.uhn.hapi.fhir:org.hl7.fhir.r5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ca.uhn.hapi.fhir:org.hl7.fhir.utilities"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45294"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-06T19:45:27Z",
    "nvd_published_at": "2024-09-06T16:15:03Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nXSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( `\u003c!DOCTYPE foo [\u003c!ENTITY example SYSTEM \"/etc/passwd\"\u003e ]\u003e` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML.\n\n### Patches\nThis issue has been patched in release 6.3.23\n\n### Workarounds\nNone.\n\n### References\n[MITRE CWE](https://cwe.mitre.org/data/definitions/611.html)\n[OWASP XML External Entity Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory)\n",
  "id": "GHSA-6cr6-ph3p-f5rf",
  "modified": "2024-09-06T19:45:27Z",
  "published": "2024-09-06T19:45:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45294"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hapifhir/org.hl7.fhir.core"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`"
}

GHSA-6FHJ-VR9J-G45R

Vulnerability from github – Published: 2025-11-10 21:04 – Updated: 2025-11-15 02:46
VLAI
Summary
CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection
Details

Impact

The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity (XXE) injection.

The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation.

Patches

The vulnerability has been fixed in cyclonedx-core-java version 11.0.1.

Workarounds

If feasible, applications can reject XML documents before handing them to cyclonedx-core-java for validation. This may be an option if incoming CycloneDX BOMs are known to be in JSON format.

References

  • The issue was introduced via https://github.com/CycloneDX/cyclonedx-core-java/commit/162aa594f347b3f612fe0a45071693c3cd398ce9
  • The issue was fixed via https://github.com/CycloneDX/cyclonedx-core-java/pull/737
  • https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.cyclonedx:cyclonedx-core-java"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "11.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-10T21:04:03Z",
    "nvd_published_at": "2025-11-10T22:15:40Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe XML [`Validator`](https://docs.oracle.com/javase/8/docs/api/javax/xml/validation/Validator.html) used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity (XXE) injection.\n\nThe fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed *parsing* of XML BOMs, but not *validation*.\n\n### Patches\n\nThe vulnerability has been fixed in cyclonedx-core-java version 11.0.1.\n\n### Workarounds\n\nIf feasible, applications can reject XML documents before handing them to cyclonedx-core-java for validation.\nThis may be an option if incoming CycloneDX BOMs are known to be in JSON format.\n\n### References\n\n* The issue was introduced via https://github.com/CycloneDX/cyclonedx-core-java/commit/162aa594f347b3f612fe0a45071693c3cd398ce9\n* The issue was fixed via https://github.com/CycloneDX/cyclonedx-core-java/pull/737\n* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory",
  "id": "GHSA-6fhj-vr9j-g45r",
  "modified": "2025-11-15T02:46:38Z",
  "published": "2025-11-10T21:04:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/CycloneDX/cyclonedx-core-java/security/advisories/GHSA-6fhj-vr9j-g45r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64518"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CycloneDX/cyclonedx-core-java/pull/737"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CycloneDX/cyclonedx-core-java/commit/162aa594f347b3f612fe0a45071693c3cd398ce9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CycloneDX/cyclonedx-core-java/commit/af0ec75c93c03f93733a070c5132554490af5314"
    },
    {
      "type": "WEB",
      "url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/CycloneDX/cyclonedx-core-java"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection "
}

GHSA-6FQM-3HX5-GMG3

Vulnerability from github – Published: 2022-05-14 02:59 – Updated: 2022-05-14 02:59
VLAI
Details

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-2296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.",
  "id": "GHSA-6fqm-3hx5-gmg3",
  "modified": "2022-05-14T02:59:07Z",
  "published": "2022-05-14T02:59:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2296"
    },
    {
      "type": "WEB",
      "url": "https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512"
    },
    {
      "type": "WEB",
      "url": "http://jasig.275507.n4.nabble.com/CAS-3-5-2-1-and-3-4-12-1-Security-Releases-td4662444.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6FVX-R7HX-3VH6

Vulnerability from github – Published: 2018-10-17 18:28 – Updated: 2022-04-27 14:25
VLAI
Summary
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
Details

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "net.bull.javamelody:javamelody-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.74.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-15531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:19:10Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.",
  "id": "GHSA-6fvx-r7hx-3vh6",
  "modified": "2022-04-27T14:25:05Z",
  "published": "2018-10-17T18:28:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15531"
    },
    {
      "type": "WEB",
      "url": "https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-6fvx-r7hx-3vh6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/javamelody/javamelody"
    },
    {
      "type": "WEB",
      "url": "https://github.com/javamelody/javamelody/wiki/ReleaseNotes"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2018-09-25"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2018/09/25/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java."
}

GHSA-6G33-82GC-3PW5

Vulnerability from github – Published: 2022-05-17 00:34 – Updated: 2022-07-01 20:33
VLAI
Summary
Improper Restriction of XML External Entity Reference in Jelly
Details

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "commons-jelly:commons-jelly"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-12621"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-01T20:33:22Z",
    "nvd_published_at": "2017-09-28T01:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a \"SYSTEM\" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.",
  "id": "GHSA-6g33-82gc-3pw5",
  "modified": "2022-07-01T20:33:22Z",
  "published": "2022-05-17T00:34:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12621"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/commons-jelly"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/JELLY-293"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f1fc3f2c45264af44ce782d54b5908ac95f02bf7ad88bb57bfb04b73@%3Cdev.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227144849/http://www.securityfocus.com/bid/101052"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210303081618/http://www.securitytracker.com/id/1039444"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Restriction of XML External Entity Reference in Jelly"
}

GHSA-6G49-F785-8862

Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-02-27 21:30
VLAI
Details

An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39954"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.",
  "id": "GHSA-6g49-f785-8862",
  "modified": "2023-02-27T21:30:34Z",
  "published": "2023-02-16T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39954"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-22-304"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6GF8-CQW7-6G5F

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-04T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "A External Entity Reference (\u0027XXE\u0027) vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.",
  "id": "GHSA-6gf8-cqw7-6g5f",
  "modified": "2022-05-13T01:34:46Z",
  "published": "2022-05-13T01:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12471"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1103809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HC6-87CM-6QCJ

Vulnerability from github – Published: 2022-07-30 00:00 – Updated: 2022-08-06 00:00
VLAI
Details

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27873"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-29T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An attacker can force the victim\u2019s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360\u2019s document parser. The vulnerability exists in the application\u2019s \u2018Insert SVG\u2019 procedure. An attacker can also leverage this vulnerability to obtain victim\u2019s public IP and possibly other sensitive information.",
  "id": "GHSA-6hc6-87cm-6qcj",
  "modified": "2022-08-06T00:00:37Z",
  "published": "2022-07-30T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27873"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation System Configuration

Many XML parsers and validators can be configured to disable external entity expansion.

CAPEC-221: Data Serialization External Entities Blowup

This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.