CVE-2017-1000061

Опубликовано: 17 июл. 2017

Источник: debian

EPSS Низкий

Описание

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xmlsec1	fixed	1.2.24-1		package
xmlsec1	no-dsa		stretch	package
xmlsec1	no-dsa		jessie	package
xmlsec1	no-dsa		wheezy	package

Примечания

https://github.com/lsh123/xmlsec/issues/43

EPSS

Процентиль: 69%

0.00591

Низкий

Связанные уязвимости

CVE-2017-1000061

CVSS3: 7.1

ubuntu

больше 8 лет назад

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

CVE-2017-1000061

CVSS3: 6.5

redhat

почти 9 лет назад

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

CVE-2017-1000061

CVSS3: 7.1

nvd

больше 8 лет назад

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

GHSA-jmhh-hg4r-g2c2

CVSS3: 7.1

github

больше 3 лет назад

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

ELSA-2017-2492

oracle-oval

больше 8 лет назад

ELSA-2017-2492: xmlsec1 security update (MODERATE)

EPSS

Процентиль: 69%

0.00591

Низкий