Date: Fri, 11 Sep 2020 11:58:42 +0200 From: Cédric Damioli <cdamioli@...che.org> To: oss-security@...ts.openwall.com Subject: [CVE-2020-11991] Apache Cocoon security vulnerability [CVE-2020-11991] Apache Cocoon security vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Cocoon up to 2.1.12 Description: When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. Mitigation: The StreamGenerator now ignores external entities. 2.1.x users should upgrade to 2.1.13 Example: With the following input : <!--?xml version="1.0" ?--> <!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]> <userInfo> <firstName>John</firstName> <lastName>&ent;</lastName> </userInfo> an attacker got the content of /etc/shadow Credit: This issue was discovered by Nassim Asrir. Regards, -- Cédric Damioli
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.