PT-2021-11262 · Easy-Xml · Easy-Xml
Published
2021-10-31
·
Updated
2022-10-27
·
CVE-2020-26705
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Easy-XML version 0.5.0
Description:
The issue allows an attacker to expose sensitive data or perform a denial of service via a crafted external entity entered into the XML content as input. This is due to a XML External Entity (XXE) vulnerability in the
parseXML function.Recommendations:
For Easy-XML version 0.5.0, consider disabling the
parseXML function until a patch is available to prevent potential exploitation.Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easy-Xml