Skip to main content

Any23

4 CVEs product

Monthly

CVE-2023-34150 Maven MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Any23
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-25312 Maven CRITICAL PATCH Act Now

An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache XXE Any23
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2021-40146 Maven CRITICAL PATCH Act Now

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Any23
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2021-38555 Maven CRITICAL PATCH Act Now

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Any23
NVD
CVSS 3.1
9.1
EPSS
2.8%
EPSS 1% CVSS 5.3
MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Any23
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache XXE Any23
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Any23
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Any23
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy