exploitDog

GHSA-7wwr-6qph-hrh6

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 10

Описание

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.

Ссылки

EPSS

Процентиль: 47%

0.00245

Низкий

10 Critical

CVSS3

CVE ID

CVE-2018-1000651

Дефекты

CWE-611

Связанные уязвимости

CVE-2018-1000651

CVSS3: 10

nvd

больше 7 лет назад

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.

EPSS

Процентиль: 47%

0.00245

Низкий

10 Critical

CVSS3

CVE ID

CVE-2018-1000651

Дефекты

CWE-611