Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2MzItN3I2cC14aGho
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Permalink: https://github.com/advisories/GHSA-qv32-7r6p-xhhh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2MzItN3I2cC14aGho
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00449
EPSS Percentile: 0.74772
Identifiers: GHSA-qv32-7r6p-xhhh, CVE-2016-4216
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-4216
- https://github.com/advisories/GHSA-qv32-7r6p-xhhh
- https://helpx.adobe.com/security/products/xmpcore/apsb16-24.html
- http://www.securityfocus.com/bid/91717
Affected Packages
maven:com.adobe.xmp:xmpcore
Dependent packages: 46
Dependent repositories: 185
Downloads:
Affected Version Ranges: < 5.1.3
Fixed in: 5.1.3
All affected versions: 5.1.0, 5.1.1
All unaffected versions: 5.1.3, 6.0.4, 6.0.6, 6.1.6, 6.1.8, 6.1.10, 6.1.11