PT-2021-15602 · Apache+1 · Nutch+1

Martin Heyden

Published

2021-01-25

Updated

2022-03-18

CVE-2021-23901

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Nutch versions prior to 1.18

Description: An XML external entity (XXE) injection issue was discovered in the Nutch DmozParser. This issue allows an attacker to interfere with the application's processing of XML data, potentially enabling them to view files on the application server filesystem and interact with back-end or external systems that the application can access.

Recommendations: For versions prior to 1.18, update to Apache Nutch 1.18 to resolve the issue. As a temporary workaround, consider restricting the use of the DmozParser until a patch is available.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2021-23901

GHSA-FXHP-WRW9-3R97

SUSE-SU-2021:0323-1

SUSE-SU-2021:0448-1

Affected Products

Nutch

Suse

PT-2021-15602 · Apache+1 · Nutch+1

CVE-2021-23901

Weakness Enumeration

Related Identifiers

Affected Products

References · 44