CVE-2021-33950: XXE injection security vulnerability · openkm/document-management-system@ce1d823

An XXE injection issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function: the SAX parser it used to extract text from uploaded XML documents resolved external entities, so a crafted document can pull local file contents into the extracted text.
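As an added illustration (this is not OpenKM's code and not the fix shown on this page), the following Java program mirrors the outline of a SAX-based text extractor like XMLTextExtractor: one method parses with default settings, the other with the parser hardened against XXE. The class name, method names, the temporary "secret" file standing in for a sensitive local file, and the XML payload are all constructed for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

import javax.xml.parsers.SAXParserFactory;

import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

/**
 * Added example, not OpenKM code: a minimal SAX text extractor in the style of
 * XMLTextExtractor, first with default parser settings (XXE-prone), then hardened.
 * All names are illustrative.
 */
public class XxeTextExtractorDemo {

    /** Collects every character event the parser delivers, as a text extractor would. */
    static final class TextCollector extends DefaultHandler {
        final StringBuilder text = new StringBuilder();

        @Override
        public void characters(char[] ch, int start, int length) {
            text.append(ch, start, length);
        }
    }

    /** Vulnerable: the JDK's default SAX parser resolves external entities declared in a DTD. */
    static String extractTextVulnerable(InputStream in) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setValidating(false);
        XMLReader reader = factory.newSAXParser().getXMLReader();
        TextCollector handler = new TextCollector();
        reader.setContentHandler(handler);
        reader.parse(new InputSource(in));
        return handler.text.toString();
    }

    /** Hardened: reject any DOCTYPE, and disable external entities / DTD loading as defence in depth. */
    static String extractTextHardened(InputStream in) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setValidating(false);
        // Primary defence: a <!DOCTYPE ...> makes the parser throw, which also stops
        // internal-entity expansion attacks (billion laughs).
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, should a DOCTYPE ever have to be allowed again.
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Features set on the factory apply to every parser it creates.
        XMLReader reader = factory.newSAXParser().getXMLReader();
        TextCollector handler = new TextCollector();
        reader.setContentHandler(handler);
        reader.parse(new InputSource(in));
        return handler.text.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed secret file standing in for /etc/passwd or an application config;
        // kept local so the demo runs offline.
        Path secret = Files.createTempFile("secret", ".txt");
        Files.writeString(secret, "db.password=hunter2");
        secret.toFile().deleteOnExit();

        // Constructed malicious "document" an attacker would upload for text indexing.
        String payload = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE d [<!ENTITY xxe SYSTEM \"" + secret.toUri() + "\">]>\n"
            + "<d>&xxe;</d>";

        InputStream s1 = new ByteArrayInputStream(payload.getBytes(StandardCharsets.UTF_8));
        // The entity is resolved, so the secret file's contents come back as "extracted text".
        System.out.println("vulnerable extractor returned: " + extractTextVulnerable(s1));

        InputStream s2 = new ByteArrayInputStream(payload.getBytes(StandardCharsets.UTF_8));
        try {
            extractTextHardened(s2);
            System.out.println("hardened extractor accepted the document (unexpected)");
        } catch (SAXException e) {
            // disallow-doctype-decl rejects the document before any entity is touched.
            System.out.println("hardened extractor rejected the document: " + e.getMessage());
        }
    }
}
```

Run it with `java XxeTextExtractorDemo.java` (single-file launch, Java 11 or later). The design point is that `disallow-doctype-decl` is the control that actually closes the class of bug; the three external-entity/DTD features alone leave internal entity expansion possible and depend on every parser instance being configured the same way, which is why the features are set on the factory rather than on one reader.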

@@ -69,8 +69,10 @@ public String extractText(InputStream stream, String type, String encoding) thro saxParserFactory.setValidating(false); SAXParser saxParser = saxParserFactory.newSAXParser(); XMLReader xmlReader = saxParser.getXMLReader(); xmlReader.setFeature("http://xml.org/sax/features/validation", false); xmlReader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); xmlReader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false); xmlReader.setFeature("http://xml.org/sax/features/validation", false);
ZipInputStream zis = new ZipInputStream(stream); ZipEntry ze = zis.getNextEntry();
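Review bot: the hardening in this hunk still accepts a DOCTYPE, so the primary XXE control, `http://apache.org/xml/features/disallow-doctype-decl`, is missing; add `xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` ahead of the existing feature calls, or better set it on `saxParserFactory` before `newSAXParser()` so every parser the factory produces inherits it. That one feature also blocks internal-entity expansion (billion laughs), and turns the `load-external-dtd`, `external-parameter-entities` and `external-general-entities` settings into defence in depth rather than the sole protection. Minor: `http://xml.org/sax/features/validation` is set to false twice in this hunk and is already implied by `saxParserFactory.setValidating(false)`; drop the duplicate call.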
