GHSA-jxm5-5xcw-h57q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jxm5-5xcw-h57q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-jxm5-5xcw-h57q/GHSA-jxm5-5xcw-h57q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jxm5-5xcw-h57q
- Aliases
- Published
- 2018-12-20T22:02:17Z
- Modified
- 2024-02-19T05:33:45.559912Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- exist-db:exist-core XML External Entity (XXE) vulnerability
- Details
-
exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-611" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:44:26Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000823
- https://github.com/eXist-db/exist/issues/2180
- https://github.com/eXist-db/exist/pull/2243
- https://github.com/eXist-db/exist/pull/2247
- https://github.com/eXist-db/exist/commit/1c3f0aec14d00bdbca175713af70cb7c7b868e9f
- https://github.com/eXist-db/exist/commit/b210f9fbf379b68842f2b055dda80d7e7479e96f
- https://0dd.zone/2018/10/27/exist-XXE
- https://github.com/advisories/GHSA-jxm5-5xcw-h57q
- https://github.com/eXist-db/exist
Affected packages
Maven / org.exist-db:exist-core
Package
- Name
- org.exist-db:exist-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.exist-db/exist-core