exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2017-12621

больше 8 лет назад

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.

CVSS3: 9.8

EPSS: Низкий

CVE-2017-12621

больше 8 лет назад

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.

CVSS3: 9.8

EPSS: Низкий

CVE-2017-12621

больше 8 лет назад

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.

CVSS3: 9.8

EPSS: Низкий

CVE-2017-12621

больше 8 лет назад

During Jelly (xml) file parsing with Apache Xerces, if a custom doctyp ...

CVSS3: 9.8

EPSS: Низкий

GHSA-6g33-82gc-3pw5

больше 3 лет назад

Improper Restriction of XML External Entity Reference in Jelly

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2017-12621 During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.	CVSS3: 9.8	1% Низкий	больше 8 лет назад
CVE-2017-12621 During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.	CVSS3: 9.8	1% Низкий	больше 8 лет назад
CVE-2017-12621 During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.	CVSS3: 9.8	1% Низкий	больше 8 лет назад
CVE-2017-12621 During Jelly (xml) file parsing with Apache Xerces, if a custom doctyp ...	CVSS3: 9.8	1% Низкий	больше 8 лет назад
GHSA-6g33-82gc-3pw5 Improper Restriction of XML External Entity Reference in Jelly	CVSS3: 9.8	1% Низкий	больше 3 лет назад

Уязвимостей на страницу