Description
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.
Vulnerable configurations
Configuration 1: versions from 0.7.0 (inclusive) up to 0.13.1 (exclusive)
cpe:2.3:a:eclipse:sphinx:*:*:*:*:*:*:*:*
EPSS
Percentile: 42%
0.00195
Low
5.3 Medium
CVSS3
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.