PT-2022-11792 · Wuta Jox

Novy · Published 2022-03-30 · Updated 2022-04-06 · CVE-2021-43142

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: wuta jox version 1.16
Description: An XML External Entity (XXE) vulnerability exists in the readObject method of JOXSAXBeanInput. Because the parser resolves external entities in the XML handed to readObject, the issue can be exploited to gain unauthorized access to sensitive data.
Recommendations: For wuta jox version 1.16, avoid using (or disable) the readObject method of JOXSAXBeanInput until a patch is available, so that the XXE vulnerability cannot be exploited. Restrict access to the JOXSAXBeanInput module to minimize the risk of exploitation.

Related Identifiers

CVE-2021-43142
GHSA-FCRX-8829-JPQX

Affected Products

Wuta Jox