WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2014-5325 Vulnerability in maven package org.directwebremoting:dwr

Description

The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000117

http://jvn.jp/en/jp/JVN91502163/index.html

http://www.securityfocus.com/bid/71093

Related Vulnerabilities

CVE-2018-1000145 Vulnerability in maven package org.jvnet.hudson.plugins:perforce

CVE-2017-16064 Vulnerability in npm package node-openssl

CVE-2023-25164 Vulnerability in npm package @tinacms/cli

CVE-2022-31069 Vulnerability in npm package @finastra/nestjs-proxy

CVE-2018-1000142 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

Severity

Critical

Classification

CWE-200