Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03ZzU0LXZncDYtamo1d84AAbIc

XML External Entity Reference in Apache Sling

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string. This allows XXE attacks in every script that uses this method to validate user input, potentially letting an attacker read sensitive data on the filesystem, perform server-side request forgery (SSRF), port-scan hosts behind the firewall, or cause a denial of service (DoS) against the application.

Permalink: https://github.com/advisories/GHSA-7g54-vgp6-jj5w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZzU0LXZncDYtamo1d84AAbIc
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Percentage: 0.00096
EPSS Percentile: 0.41512

Identifiers: GHSA-7g54-vgp6-jj5w, CVE-2016-6798
References: Repository: https://github.com/apache/sling-org-apache-sling-xss
Blast Radius: 14.2

Affected Packages

maven:org.apache.sling:org.apache.sling.xss.compat
Dependent packages: 0
Dependent repositories: 0
Affected Version Ranges: < 1.1.0
Fixed in: 1.1.0
All affected versions: 1.0.0
All unaffected versions: 1.1.0
maven:org.apache.sling:org.apache.sling.xss
Dependent packages: 36
Dependent repositories: 28
Affected Version Ranges: < 1.0.12
Fixed in: 1.0.12
All affected versions: 1.0.0, 1.0.2, 1.0.4, 1.0.6, 1.0.8
All unaffected versions: 1.0.12, 1.0.14, 1.0.16, 1.0.18, 2.0.0, 2.0.4, 2.0.6, 2.0.8, 2.0.10, 2.0.12, 2.0.14, 2.1.0, 2.1.6, 2.1.8, 2.1.10, 2.1.16, 2.1.18, 2.2.0, 2.2.2, 2.2.6, 2.2.8, 2.2.10, 2.2.12, 2.2.14, 2.2.16, 2.2.18, 2.2.20, 2.3.0, 2.3.2, 2.3.4, 2.3.6, 2.3.8, 2.4.0, 2.4.2