CVE-2021-23901
CRITICALApache Nutch < 1.18 - XML External Entity Injection in DmozParser
Title source: llmDescription
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
References (5)
Core 5
Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://issues.apache.org/jira/browse/NUTCH-2841
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210513-0003/
Scores
CVSS v3
9.1
EPSS
0.0107
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-611
Status
published
Products (3)
apache/nutch
< 1.18
netapp/snap_creator_framework
org.apache.nutch/nutch
0 - 1.18Maven
Published
Jan 25, 2021
Tracked Since
Feb 18, 2026