PT-2021-7289 · Apache · Apache Xmlbeans
Published 2021-01-14 · Updated 2022-12-06 · CVE-2021-23926
CVSS v2.0: 9.4 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Apache XMLBeans versions up to and including 2.6.0
Description
The vulnerability stems from errors in XML entity processing in Apache XMLBeans, a Java-to-XML binding tool. A remote attacker can exploit it to cause a denial of service or to disclose protected information. The XML parsers used by XMLBeans did not set the properties needed to protect against malicious XML input, leaving them vulnerable to XML Entity Expansion attacks.
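The description refers to parser properties that XMLBeans left unset. The following Java class is an added example, not code from XMLBeans or from the advisory, showing what those protective settings look like on a standard JAXP DocumentBuilderFactory: the feature URIs are the usual Xerces/SAX ones (disallow DOCTYPE, no external entities, no external DTD loading, secure processing). The constructed sample documents and the class and method names are assumptions for illustration; the hardened builder rejects the document that carries a DOCTYPE before any entity expansion can occur, while plain documents parse normally.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

// Added example (hypothetical class name): hardening a JAXP DOM parser against
// entity expansion and external entity resolution.
public class HardenedXmlParser {

    // Constructed sample: a document with a DOCTYPE declaring an internal entity.
    // A parser that still honours DTDs would expand &greeting; on load.
    static final String SAMPLE_WITH_DTD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE note [ <!ENTITY greeting \"hello\"> ]>\n"
      + "<note>&greeting;</note>";

    // Constructed sample: an ordinary document with no DOCTYPE.
    static final String SAMPLE_PLAIN = "<note>hello</note>";

    /** Builds a DocumentBuilder with DTD and entity processing switched off. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse any DOCTYPE: this removes both entity-expansion and
        // external-entity exposure in one step.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case an implementation ignores the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // Turns on the JDK's built-in entity size and count limits.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Parses the input and returns the root element's text, or null if rejected. */
    static String parseRootText(String xml) throws Exception {
        DocumentBuilder b = hardenedBuilder();
        try (ByteArrayInputStream in =
                 new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))) {
            Document d = b.parse(in);
            return d.getDocumentElement().getTextContent();
        } catch (SAXParseException e) {
            // The DOCTYPE is refused at parse time, so no entity is ever expanded.
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("plain   -> " + parseRootText(SAMPLE_PLAIN));
        System.out.println("doctype -> " + parseRootText(SAMPLE_WITH_DTD));
    }
}
```

Disallowing the DOCTYPE declaration outright is the simplest posture when the application never needs DTDs; where DTDs are required, the remaining settings still block external entity resolution and cap expansion through secure processing.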
Recommendations
For Apache XMLBeans versions up to and including 2.6.0, update to a version later than 2.6.0 to resolve the issue.
At the moment, there is no information about a newer release that contains a fix for this vulnerability.
Weakness Enumeration
XML Entity Expansion
Related Identifiers
Affected Products
Apache Xmlbeans
Suse