An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qcThjLWo0N2MtdnZ3bc4AAvAR

Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-jq8c-j47c-vvwm, CVE-2022-40705
References: Blast Radius: 14.4

Affected Packages

Dependent packages: 20
Dependent repositories: 83
Affected Version Ranges: >= 2.2, <= 2.3.1
No known fixed version
All affected versions: 2.3.1