CVE-2020-11991

When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:cocoon:*:*:*:*:*:*:*:*

Information

Published : 2020-09-11 07:15

Updated : 2020-09-17 09:37


NVD link : CVE-2020-11991

Mitre link : CVE-2020-11991


JSON object : View

CWE
CWE-611

Improper Restriction of XML External Entity Reference

Advertisement

dedicated server usa

Products Affected

apache

  • cocoon