漏洞标题
在Apache Any23 StreamUtils.java中存在一个XML外部实体(XXE)注入漏洞。
漏洞描述信息
Apache Any23的StreamUtils.java存在一个XML外部实体(XXE)注入漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
漏洞类别
N/A
漏洞标题
An XML external entity (XXE) injection vulnerability exists in Apache Any23 StreamUtils.java
漏洞描述信息
An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Anything To Triples 代码问题漏洞
漏洞描述信息
Anything To Triples(any23)是美国阿帕奇(Apache)基金会的一个应用软件。一个库、一个 Web 服务和一个命令行工具,可从各种 Web 文档中提取 RDF 格式的结构化数据。 Anything To Triples 存在代码问题漏洞,该漏洞源于Any23 StreamUtils.java 文件中发现了一个 XML 外部实体 (XXE) 注入漏洞。
CVSS信息
N/A
漏洞类别
代码问题