org.codelibs.fess:fess@12.2.0 vulnerabilities

latest version

14.13.0
latest non vulnerable version

14.13.0
first published

8 years ago
latest version published

23 days ago
licenses detected
- Apache-2.0
  [10.2.1,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.codelibs.fess:fess package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M XML External Entity (XXE) Injection org.codelibs.fess:fess is a Enterprise Search Server. You can install and run Fess quickly on any platforms, which have Java runtime environment. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. This attack appear to be exploitable via specially crafted GSA XML files, which are parsed by the GSA XML file parser. How to fix XML External Entity (XXE) Injection? Upgrade `org.codelibs.fess:fess` to version 12.2.3, 12.3.2 or higher.	[12.2.0,12.2.3) [12.3.0,12.3.2)

XML External Entity (XXE) Injection

org.codelibs.fess:fess is a Enterprise Search Server. You can install and run Fess quickly on any platforms, which have Java runtime environment.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. This attack appear to be exploitable via specially crafted GSA XML files, which are parsed by the GSA XML file parser.

How to fix XML External Entity (XXE) Injection?

Upgrade org.codelibs.fess:fess to version 12.2.3, 12.3.2 or higher.

[12.2.0,12.2.3) [12.3.0,12.3.2)

Go back to all versions of this package

org.codelibs.fess:fess@12.2.0 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities