GHSA-jq8c-j47c-vvwm

Source

https://github.com/advisories/GHSA-jq8c-j47c-vvwm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-jq8c-j47c-vvwm/GHSA-jq8c-j47c-vvwm.json

Aliases

CVE-2022-40705

Published

2022-09-23T00:00:46Z

Modified

2023-11-08T04:10:24.874272Z

Details

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40705
https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl
http://www.openwall.com/lists/oss-security/2022/09/22/1

Affected packages

Maven / soap:soap

Package

Name: soap:soap

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Last affected

2.3.1

Affected versions

2.*

2.2

2.3

2.3.1