GHSA-fxhp-wrw9-3r97

Source
https://github.com/advisories/GHSA-fxhp-wrw9-3r97
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-fxhp-wrw9-3r97/GHSA-fxhp-wrw9-3r97.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fxhp-wrw9-3r97
Aliases
  • CVE-2021-23901
Published
2022-03-18T17:46:29Z
Modified
2024-02-17T05:21:10.001015Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
XML external entity (XXE) injection in Apache Nutch
Details

An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.

Database specific
{
    "nvd_published_at": "2021-01-25T10:16:00Z",
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-06T19:54:36Z"
}
Affected packages

Maven / org.apache.nutch:nutch

Package

Name
org.apache.nutch:nutch
Purl
pkg:maven/org.apache.nutch/nutch

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.18

Affected versions

1.*

1.3
1.4
1.5
1.5.1
1.6
1.7
1.8
1.9
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17