GHSA-77hp-pfxw-4w63

Source
https://github.com/advisories/GHSA-77hp-pfxw-4w63
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-77hp-pfxw-4w63/GHSA-77hp-pfxw-4w63.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-77hp-pfxw-4w63
Aliases
Published
2018-12-20T22:02:09Z
Modified
2024-02-16T08:13:08.613833Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
XML External Entity (XXE) vulnerability in codelibs fess
Details

codelibs fess versions before commit faa265b contain an XML External Entity (XXE) vulnerability in the GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. The attack appears to be exploitable via specially crafted GSA XML files. The vulnerability appears to have been fixed after commit faa265b.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:21:51Z"
}
References

Affected packages

Maven / org.codelibs.fess:fess

Package

Name
org.codelibs.fess:fess
Purl
pkg:maven/org.codelibs.fess/fess

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
12.3.2

Affected versions

10.*

10.2.1
10.2.2
10.2.3
10.3.0-beta1
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5

11.*

11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5
11.1.0
11.1.1
11.1.2
11.2.0
11.2.1
11.2.2
11.2.3
11.3.0
11.3.1
11.3.2
11.3.3
11.3.4
11.4.0
11.4.1
11.4.2
11.4.3
11.4.4
11.4.5
11.4.6
11.4.7
11.4.8
11.4.9
11.4.10
11.4.11
11.4.12

12.*

12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.1.0
12.1.1
12.1.2
12.1.3
12.1.4
12.1.5
12.2.0
12.2.1
12.2.2
12.2.3
12.3.0
12.3.1