CVE-2021-3836

MEDIUM

DBeaver <=21.2.3 - XML External Entity Injection

Title source: manual
STIX 2.1

Description

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/a98264fb-1930-4c7c-b774-af24c0175fd4

Scores

CVSS v3 5.5
EPSS 0.0090
EPSS Percentile 54.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-611
Status published
Products (1)
dbeaver/dbeaver < 21.2.3
Published Dec 14, 2021
Tracked Since Feb 18, 2026