Description

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.

Remediation

References

https://github.com/pippo-java/pippo/issues/486

Related Vulnerabilities

CVE-2018-1000615 Vulnerability in maven package org.onosproject:onos-ovsdb

CVE-2023-48711 Vulnerability in npm package google-translate-api-browser

CVE-2023-44981 Vulnerability in maven package org.apache.zookeeper:zookeeper

CVE-2022-33140 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-framework

CVE-2020-7760 Vulnerability in maven package org.webjars.bowergithub.components:codemirror

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Exploit Third Party Advisory