Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qcThjLWo0N2MtdnZ3bc4AAvAR

Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Permalink: https://github.com/advisories/GHSA-jq8c-j47c-vvwm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcThjLWo0N2MtdnZ3bc4AAvAR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-jq8c-j47c-vvwm, CVE-2022-40705
References:
Blast Radius: 14.4

Affected Packages

maven:soap:soap
Dependent packages: 20
Dependent repositories: 83
Downloads:
Affected Version Ranges: >= 2.2, <= 2.3.1
No known fixed version
All affected versions: 2.3.1