Описание
XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.
Ссылки
- Third Party Advisory
- Product
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 7.0 (включая)
cpe:2.3:a:edinet-fsa:xbrl_data_create:*:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00022
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 5.5
github
больше 2 лет назад
XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.
EPSS
Процентиль: 5%
0.00022
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611