Skip to main content

Xmlsec

1 CVEs product

Monthly

CVE-2017-1000061 HIGH PATCH This Week

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Information Disclosure Xmlsec
NVD GitHub
CVSS 3.0
7.1
EPSS
0.6%
EPSS 1% CVSS 7.1
HIGH PATCH This Week

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Information Disclosure +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy