CVE-2017-1000061

Опубликовано: 17 июл. 2017

Источник: debian

Описание

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xmlsec1	fixed	1.2.24-1		package
xmlsec1	no-dsa		stretch	package
xmlsec1	no-dsa		jessie	package
xmlsec1	no-dsa		wheezy	package

Примечания

https://github.com/lsh123/xmlsec/issues/43

Связанные уязвимости

CVE-2017-1000061

CVSS3: 7.1

ubuntu

больше 8 лет назад

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

CVE-2017-1000061

CVSS3: 6.5

redhat

больше 8 лет назад

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

CVE-2017-1000061

CVSS3: 7.1

nvd

больше 8 лет назад

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

GHSA-jmhh-hg4r-g2c2

CVSS3: 7.1

github

больше 3 лет назад

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

ELSA-2017-2492

oracle-oval

около 8 лет назад

ELSA-2017-2492: xmlsec1 security update (MODERATE)