CVE-2021-1630

Source
https://cve.org/CVERecord?id=CVE-2021-1630
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-1630.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-1630
Published
2021-08-05T21:15:10.003Z
Modified
2026-04-11T21:23:20.849377Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers.

References

Affected packages

Git / github.com/mulesoft/mule

Affected ranges

Type
GIT
Repo
https://github.com/mulesoft/mule
Events
Database specific
{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "4.3.0"
        }
    ]
}

Database specific

vanir_signatures
[
    {
        "id": "CVE-2021-1630-251402a3",
        "target": {
            "file": "core-tests/src/test/java/org/mule/runtime/core/internal/execution/FlowProcessMediatorTestCase.java"
        },
        "signature_version": "v1",
        "source": "https://github.com/mulesoft/mule/commit/4a7afd99415c8cf55d5457f7669f6e83b800a7bb",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "206013660405118472099462306571550273066",
                "322805366210000275933584203637163022112",
                "281490025932657788537477237418045772419",
                "187119944019147953453932228628449550368",
                "317779795611048870212140154797763515379",
                "129159956497433075458720797567502853154",
                "76018829777303738080019715477886483478",
                "187175473493017642334168869306889163594"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "id": "CVE-2021-1630-e66e789d",
        "target": {
            "file": "core/src/main/java/org/mule/runtime/core/internal/execution/FlowProcessMediator.java"
        },
        "signature_version": "v1",
        "source": "https://github.com/mulesoft/mule/commit/4a7afd99415c8cf55d5457f7669f6e83b800a7bb",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "206013660405118472099462306571550273066",
                "184908311021442019244910854151327032353",
                "94846224986268267774403823860940932594",
                "258239380244891748134380476374563231598",
                "98778845877682511103407157276538980750",
                "130935276404303902423497125024524374610",
                "258154080277559162823642913928007590043",
                "15550409256088347154559686785146549728"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-1630.json"
vanir_signatures_modified
"2026-04-11T21:23:20Z"