CVE-2014-125087
MEDIUM
java-xmlbuilder < 1.2 - XML External Entity Injection
Title source: llm
Description
A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. This issue affects some unknown functionality. The manipulation leads to an XML external entity reference. Upgrading to version 1.2 addresses this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.
References (6)
Core References
https://github.com/jmurty/java-xmlbuilder/issues/6 (Exploit, issue-tracking)
https://security.netapp.com/advisory/ntap-20240208-0009/ (Vendor Advisory)
https://vuldb.com/?id.221480 (Third Party Advisory, vdb-entry, technical-description)
https://vuldb.com/?ctiid.221480 (Permissions Required, Third Party Advisory, signature, permissions-required)
https://github.com/jmurty/java-xmlbuilder/commit/e6fddca201790abab4f2c274341c0bb8835c3e73 (Patch)
https://github.com/jmurty/java-xmlbuilder/releases/tag/v1.2 (Release Notes, patch)
Scores
CVSS v3
5.5
EPSS
0.0123
EPSS Percentile
65.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-611
Status
published
Products (2)
com.jamesmurty.utils/java-xmlbuilder
0 - 1.2 (Maven)
java-xmlbuilder_project/java-xmlbuilder
< 1.2
Published
Feb 19, 2023
Tracked Since
Feb 18, 2026