Description
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| simple-xml | fixed | 2.7.1-3 | | package |
| simple-xml | ignored | | stretch | package |
| simple-xml | no-dsa | | jessie | package |
| simple-xml | no-dsa | | wheezy | package |
Notes
https://github.com/ngallagher/simplexml/issues/18
Fixing commit in a new fork of the library (which is renamed simple-xml-safe):
https://github.com/dweiss/simplexml/commit/c8d4b4310549bfaf6dc0a20abea7fbcca6e51edd
Related vulnerabilities
CVSS3: 9.1
ubuntu
about 8 years ago
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.
CVSS3: 9.1
nvd
about 8 years ago
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.
CVSS3: 9.1
github
more than 3 years ago
SimpleXML has XML External Entity (XXE) vulnerability