Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03ZzU0LXZncDYtamo1d84AAbIc
XML External Entity Reference in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows XXE attacks in every script that uses this method to validate user input. An attacker can potentially read sensitive data from the filesystem, perform server-side request forgery (SSRF), port-scan hosts behind the firewall, or DoS the application.
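The root cause is a SAXParserFactory left in its default configuration, which resolves DOCTYPE declarations and external entities even when the handler discards all content, so a "validate only" call still reads the referenced file or URL. The following is an added example (not Apache Sling's own code and not the fix commit): a default-configured check that mirrors the pre-1.0.12 behaviour, beside a hardened variant that refuses DOCTYPEs and disables external entity and DTD loading. The class name XxeSaxDemo, the method names isValidXmlInsecure/isValidXmlHardened, and the sample payloads are assumptions made for this example.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class XxeSaxDemo {

    // Constructed payload: an external general entity pointing at a local file.
    // A default SAX parser dereferences it during parsing, even though
    // DefaultHandler ignores the resulting character data.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE foo [ <!ENTITY xxe SYSTEM \"file:///etc/hostname\"> ]>\n" +
        "<foo>&xxe;</foo>";

    // Constructed benign input with no DOCTYPE; both parsers accept it.
    static final String BENIGN = "<foo><bar>hello</bar></foo>";

    // Mirrors the vulnerable pattern: validate by parsing with a factory that
    // keeps all JAXP defaults. If the file exists, the parser reads it and the
    // method returns true; a URL in place of the file path would be fetched (SSRF).
    static boolean isValidXmlInsecure(String input) {
        try {
            SAXParserFactory factory = SAXParserFactory.newInstance();
            SAXParser parser = factory.newSAXParser();
            parser.parse(new InputSource(new StringReader(input)), new DefaultHandler());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    // Hardened variant. disallow-doctype-decl alone closes the XXE vector; the
    // remaining features are defence in depth for parsers that do not honour it.
    // If any feature is unsupported, setFeature throws and we fail closed.
    static boolean isValidXmlHardened(String input) {
        try {
            SAXParserFactory factory = SAXParserFactory.newInstance();
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
            factory.setXIncludeAware(false);
            factory.setNamespaceAware(true);
            SAXParser parser = factory.newSAXParser();
            parser.parse(new InputSource(new StringReader(input)), new DefaultHandler());
            return true;
        } catch (Exception e) {
            // SAXParseException for the rejected DOCTYPE lands here: input is invalid.
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("insecure, benign : " + isValidXmlInsecure(BENIGN));
        System.out.println("insecure, XXE    : " + isValidXmlInsecure(XXE_PAYLOAD));
        System.out.println("hardened, benign : " + isValidXmlHardened(BENIGN));
        System.out.println("hardened, XXE    : " + isValidXmlHardened(XXE_PAYLOAD));
    }
}
```

On a host where /etc/hostname exists, the insecure check reports the XXE payload as valid and the file has been read; the hardened check rejects it before any entity is resolved. The check to run against an upgraded deployment is that org.apache.sling.xss is at 1.0.12 or later (and org.apache.sling.xss.compat at 1.1.0 or later), since the hardening has to live in the library, not in each script calling it.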
Permalink: https://github.com/advisories/GHSA-7g54-vgp6-jj5w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZzU0LXZncDYtamo1d84AAbIc
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00096
EPSS Percentile: 0.41512
Identifiers: GHSA-7g54-vgp6-jj5w, CVE-2016-6798
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-6798
- https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0@%3Cdev.sling.apache.org%3E
- http://www.securityfocus.com/bid/99873
- https://github.com/apache/sling-org-apache-sling-xss/commit/de32b144ad2be3367559f6184d560db42a220529
- https://github.com/jensdietrich/xshady-release/tree/main/CVE-2016-6798
- https://github.com/advisories/GHSA-7g54-vgp6-jj5w
Blast Radius: 14.2
Affected Packages
maven:org.apache.sling:org.apache.sling.xss.compat
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 1.1.0
Fixed in: 1.1.0
All affected versions: 1.0.0
All unaffected versions: 1.1.0
maven:org.apache.sling:org.apache.sling.xss
Dependent packages: 36
Dependent repositories: 28
Downloads:
Affected Version Ranges: < 1.0.12
Fixed in: 1.0.12
All affected versions: 1.0.0, 1.0.2, 1.0.4, 1.0.6, 1.0.8
All unaffected versions: 1.0.12, 1.0.14, 1.0.16, 1.0.18, 2.0.0, 2.0.4, 2.0.6, 2.0.8, 2.0.10, 2.0.12, 2.0.14, 2.1.0, 2.1.6, 2.1.8, 2.1.10, 2.1.16, 2.1.18, 2.2.0, 2.2.2, 2.2.6, 2.2.8, 2.2.10, 2.2.12, 2.2.14, 2.2.16, 2.2.18, 2.2.20, 2.3.0, 2.3.2, 2.3.4, 2.3.6, 2.3.8, 2.4.0, 2.4.2