GHSA-wvpv-8524-wg6x

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

mxGraph vulnerable to XXE attacks

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

Ссылки

Пакеты

Наименование

mxgraph

npm

Затронутые версииВерсия исправления

< 3.7.6

3.7.6

EPSS

Процентиль: 63%

0.0044

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2017-18197

Дефекты

CWE-611

Связанные уязвимости

CVE-2017-18197

CVSS3: 9.8

ubuntu

почти 8 лет назад

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

CVE-2017-18197

CVSS3: 4.8

redhat

около 8 лет назад

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

CVE-2017-18197

CVSS3: 9.8

nvd

почти 8 лет назад

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

CVE-2017-18197

CVSS3: 9.8

debian

почти 8 лет назад

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserF ...

openSUSE-SU-2018:0616-1

suse-cvrf

почти 8 лет назад

Security update for jgraphx

EPSS

Процентиль: 63%

0.0044

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2017-18197

Дефекты

CWE-611