PT-2018-5242 · Xmlbundle · Xmlbundle
Prodigysml · Published 2018-01-03 · Updated 2022-05-14 · CVE-2017-1000477
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
XMLBundle version 0.1.7
Description
XMLBundle version 0.1.7 is vulnerable to XML external entity (XXE) attacks, which can lead to denial of service.
Recommendations
For XMLBundle version 0.1.7, consider disabling the XML parsing functionality to prevent XXE attacks until a patch is available.
Affected Products
Xmlbundle