CVE-2021-43090
CRITICAL
predic8 soa_model < 1.6.4 - XML External Entity Injection in WSDLParser
Title source: llm
Description
An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function.
References (4)
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/membrane/soa-model/issues/281
Patch, Third Party Advisory x_refsource_misc
https://github.com/membrane/soa-model/commit/3aa295f155f621d5ea661cb9a0604013fc8fd8ff
Patch, Third Party Advisory x_refsource_misc
https://github.com/membrane/soa-model/commit/19de16902468e7963cc4dc6b544574bc1ea3f251
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/membrane/soa-model/releases/tag/v1.6.4
Scores
CVSS v3
9.8
EPSS
0.0190
EPSS Percentile
76.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (3)
com.predic8/soa-model-core
0 - 1.6.4 (Maven)
com.predic8/soa-model-parent
0 - 1.6.4 (Maven)
predic8/soa_model
< 1.6.4
Published
Mar 25, 2022
Tracked Since
Feb 18, 2026