exploitDog

GHSA-4vgw-728w-p4h7

Опубликовано: 25 мар. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.

Ссылки

EPSS

Процентиль: 23%

0.00078

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-611

Связанные уязвимости

CVE-2023-28150

CVSS3: 5.3

nvd

почти 3 года назад

An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.

EPSS

Процентиль: 23%

0.00078

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-611