Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-cr8h-fr86-8vfv: WSO2 products vulnerable to XML External Entity attack

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

ghsa
#vulnerability#git#java#maven

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-6836

WSO2 products vulnerable to XML External Entity attack

Moderate severity GitHub Reviewed Published Dec 15, 2023 to the GitHub Advisory Database • Updated Dec 19, 2023

Package

maven org.wso2.am:wso2am (Maven)

Affected versions

< 4.0.0-beta

Patched versions

4.0.0-beta

maven org.wso2.carbon.analytics-common:org.wso2.carbon.event.input.adapter.core (Maven)

maven org.wso2.carbon.commons:org.wso2.carbon.ntask.core (Maven)

maven org.wso2.carbon.event-processing:org.wso2.carbon.event.processor.core (Maven)

maven org.wso2.carbon.governance:org.wso2.carbon.governance.common (Maven)

maven org.wso2.carbon.registry:org.wso2.carbon.registry.extensions (Maven)

Description

Published to the GitHub Advisory Database

Dec 15, 2023

Last updated

Dec 19, 2023

Related news

CVE-2023-6836

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.