PT-2023-31312 · Apache · Apache Cocoon

Cédric Damioli

Published

2023-11-30

Updated

2023-12-07

CVE-2023-49733

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Cocoon versions 2.2.0 through 2.2.x before 2.3.0 Apache Cocoon version 2.2.0

Description The issue is related to an Improper Restriction of XML External Entity Reference, which allows users to inject malicious code into XML documents. This can lead to Remote Code Execution (RCE). Users are advised to upgrade to a fixed version to resolve the issue.

Recommendations For Apache Cocoon versions 2.2.0 through 2.2.x before 2.3.0, upgrade to version 2.3.0, which fixes the issue. For Apache Cocoon version 2.2.0, upgrade to version 2.3.0, which fixes the issue.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2023-49733

GHSA-77JG-CPW9-73VG

Affected Products

Apache Cocoon

PT-2023-31312 · Apache · Apache Cocoon

CVE-2023-49733

Weakness Enumeration

Related Identifiers

Affected Products

References · 10