CVE-2017-18197

Опубликовано: 24 фев. 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 7.5

CVSS3: 9.8

Описание

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored	end of standard support, was needed
cosmic	ignored	end of life
devel	not-affected	2.1.0.7-2
disco	not-affected	2.1.0.7-2
eoan	not-affected	2.1.0.7-2
esm-apps/bionic	needed
esm-apps/focal	not-affected	2.1.0.7-2
esm-apps/jammy	not-affected	2.1.0.7-2
esm-apps/noble	not-affected	2.1.0.7-2

Показывать по

Ссылки на источники

EPSS

Процентиль: 63%

0.0044

Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2017-18197

CVSS3: 4.8

redhat

около 8 лет назад

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

CVE-2017-18197

CVSS3: 9.8

nvd

почти 8 лет назад

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.

CVE-2017-18197

CVSS3: 9.8

debian

почти 8 лет назад

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserF ...

openSUSE-SU-2018:0616-1

suse-cvrf

почти 8 лет назад

Security update for jgraphx

GHSA-wvpv-8524-wg6x

CVSS3: 9.8

github

больше 3 лет назад

mxGraph vulnerable to XXE attacks

EPSS

Процентиль: 63%

0.0044

Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2017-18197

Описание

Пакет libjgraphx-java

Ссылки на источники

Связанные уязвимости