exploitDog

CVE-2021-44556

Опубликовано: 08 дек. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS.

Ссылки

https://github.com/KBNLresearch/digger
Product
Third Party Advisory
https://github.com/KBNLresearch/digger/pull/1
Patch
Third Party Advisory
https://github.com/KBNLresearch/digger
Product
Third Party Advisory
https://github.com/KBNLresearch/digger/pull/1
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kb:digger:*:*:*:*:*:*:*:*

Версия до 08-25-2021 (исключая)

EPSS

Процентиль: 62%

0.00426

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-qrff-fqpr-45f9

github

около 4 лет назад

National Library of the Netherlands digger < 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity (XXE) vulnerability. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS.

EPSS

Процентиль: 62%

0.00426

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611