Skip to main content

Commons Jelly

1 CVEs product

Monthly

CVE-2017-12621 Maven CRITICAL PATCH Act Now

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Commons Jelly
NVD
CVSS 3.1
9.8
EPSS
0.8%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Commons Jelly
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy