Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-g4jg-gpwv-p7wv

Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью

Описание

Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.

Ссылки

Пакеты

Наименование

org.jboss.resteasy:resteasy-jaxb-provider

maven
Затронутые версииВерсия исправления

< 2.3.2

2.3.2

EPSS

Процентиль: 76%
0.0095
Низкий

CVE ID

CVE-2011-5245

Дефекты

CWE-200

Связанные уязвимости

redhat логотип

CVE-2011-5245

redhat
около 14 лет назад

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.

nvd логотип

CVE-2011-5245

nvd
около 13 лет назад

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.

EPSS

Процентиль: 76%
0.0095
Низкий

CVE ID

CVE-2011-5245

Дефекты

CWE-200