Description
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/processing/processing/issues/5706
Third Party Advisory x_refsource_misc
https://twitter.com/ben_fry/status/1054333613465059329
Scores
CVSS v3
6.5
EPSS
0.0218
EPSS Percentile
80.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
processing/processing
< 3.4
Published
Dec 20, 2018
Tracked Since
Feb 18, 2026