Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:XML External Entity (XXE) Injection
Created by: armorcodegithubpreprod[bot]
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
NVD Description
Note: Versions mentioned in the description apply to the upstream expat package.
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
Origin : null Type : null Image Id : null
Snyk Project Status: Active