Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02anZ3LXJwdzQtZ2o0eM4AAe8S
Apache Shindig PHP Sensitive Information Disclosure
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Permalink: https://github.com/advisories/GHSA-6jvw-rpw4-gj4x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02anZ3LXJwdzQtZ2o0eM4AAe8S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 9 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-6jvw-rpw4-gj4x, CVE-2013-4295
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-4295
- http://archives.neohapsis.com/archives/bugtraq/2013-10/0104.html
- http://shindig.apache.org/security.html
- http://www.securityfocus.com/bid/63260
- https://github.com/advisories/GHSA-6jvw-rpw4-gj4x
Affected Packages
maven:org.apache.shindig:shindig-php
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 2.5.0-beta1, < 2.5.0-update1
Fixed in: 2.5.0-update1
All affected versions: 2.5.0-beta1, 2.5.0-beta2, 2.5.0-beta3, 2.5.0-beta4, 2.5.0-beta5, 2.5.0-beta6
All unaffected versions: 2.0.2, 2.5.0