org.exist-db:exist-core@5.0.0-RC8 vulnerabilities

latest version

6.2.0
latest non vulnerable version

6.2.0
first published

5 years ago
latest version published

a year ago
licenses detected
- LGPL-2.1
  [5.0.0-RC8,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.exist-db:exist-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C XML External Entity (XXE) Injection org.exist-db:exist-core is an eXist-db NoSQL Database Core Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The library contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server via the use of `XMLReader`. This can result in disclosure of confidential data, denial of service, SSRF, port scanning. How to fix XML External Entity (XXE) Injection? Upgrade `org.exist-db:exist-core` to version 5.0.0 or higher.	[,5.0.0)

XML External Entity (XXE) Injection

org.exist-db:exist-core is an eXist-db NoSQL Database Core

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The library contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server via the use of XMLReader. This can result in disclosure of confidential data, denial of service, SSRF, port scanning.

How to fix XML External Entity (XXE) Injection?

Upgrade org.exist-db:exist-core to version 5.0.0 or higher.

[,5.0.0)

Go back to all versions of this package

org.exist-db:exist-core@5.0.0-RC8 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities