Common Weakness Enumeration

CWE-611

Allowed

Improper Restriction of XML External Entity Reference

Abstraction: Base · Status: Draft

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1694 vulnerabilities reference this CWE, most recent first.

GHSA-3PPH-2595-CGFH

Vulnerability from github – Published: 2018-10-17 19:55 – Updated: 2024-03-04 20:32
VLAI
Summary
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
Details

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the &dataConfig=<inlinexml> parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.solr:solr-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2"
            },
            {
              "fixed": "6.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.solr:solr-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:55:43Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `\u0026dataConfig=\u003cinlinexml\u003e` parameter of Solr\u0027s DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.",
  "id": "GHSA-3pph-2595-cgfh",
  "modified": "2024-03-04T20:32:45Z",
  "published": "2018-10-17T19:55:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1308"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/lucene-solr/commit/739a7933"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-3pph-2595-cgfh"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/SOLR-11971"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4194"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "There is a XML external entity expansion (XXE) vulnerability in Apache Solr "
}

GHSA-3PPR-72X5-X67Q

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2024-01-04 12:11
VLAI
Summary
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Details

Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jvnet.hudson.plugins:mstest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-24441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611",
      "CWE-776"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T01:03:33Z",
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "severity": "CRITICAL"
  },
  "details": "Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.",
  "id": "GHSA-3ppr-72x5-x67q",
  "modified": "2024-01-04T12:11:28Z",
  "published": "2023-01-26T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24441"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/mstest-plugin/commit/f9b9b0cbdf7559fdd8fc4004e5a242f5801daa67"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/mstest-plugin/releases/tag/mstest-1.0.1"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2292"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XML external entity vulnerability on agents in Jenkins MSTest Plugin "
}

GHSA-3PR4-6X9M-839X

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-37178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-10T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in Solid Edge SE2021 (All Versions \u003c SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.",
  "id": "GHSA-3pr4-6x9m-839x",
  "modified": "2022-05-24T19:10:37Z",
  "published": "2022-05-24T19:10:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37178"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3Q62-H7X3-478P

Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2022-05-17 03:05
VLAI
Details

XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-02T09:59:00Z",
    "severity": "HIGH"
  },
  "details": "XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.",
  "id": "GHSA-3q62-h7x3-478p",
  "modified": "2022-05-17T03:05:21Z",
  "published": "2022-05-17T03:05:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10097"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/h02332/status/816252923688665088"
    },
    {
      "type": "WEB",
      "url": "http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95174"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3QJF-F83F-X2PM

Vulnerability from github – Published: 2022-05-17 01:09 – Updated: 2022-05-17 01:09
VLAI
Details

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-3160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-06T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server\u0027s file system.",
  "id": "GHSA-3qjf-f83f-x2pm",
  "modified": "2022-05-17T01:09:27Z",
  "published": "2022-05-17T01:09:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3160"
    },
    {
      "type": "WEB",
      "url": "https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/attachment.cgi?id=1020003"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215020"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/05/08/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74569"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3QPG-33WR-533J

Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2022-04-20 19:13
VLAI
Summary
Improper Restriction of XML External Entity Reference in Magnolia CMS
Details

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "info.magnolia:magnolia-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-46365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-14T22:44:02Z",
    "nvd_published_at": "2022-02-11T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file.",
  "id": "GHSA-3qpg-33wr-533j",
  "modified": "2022-04-20T19:13:59Z",
  "published": "2022-02-12T00:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46365"
    },
    {
      "type": "WEB",
      "url": "https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46365-Unsafe%20XML%20Parsing-Magnolia%20CMS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Restriction of XML External Entity Reference in Magnolia CMS"
}

GHSA-3QWC-GVHP-6F85

Vulnerability from github – Published: 2022-11-16 12:00 – Updated: 2022-11-21 15:30
VLAI
Details

A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-15T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the module import function of the administrative interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view sensitive information. This vulnerability is due to insufficient validation of the XML syntax when importing a module. An attacker could exploit this vulnerability by supplying a specially crafted XML file to the function. A successful exploit could allow the attacker to read sensitive data that would normally not be revealed.",
  "id": "GHSA-3qwc-gvhp-6f85",
  "modified": "2022-11-21T15:30:21Z",
  "published": "2022-11-16T12:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20938"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xxe-MzPC4bYd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3QWH-G5RX-3XC3

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2025-04-12 12:48
VLAI
Details

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-2125"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-07T18:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.",
  "id": "GHSA-3qwh-g5rx-3xc3",
  "modified": "2025-04-12T12:48:30Z",
  "published": "2022-05-13T01:38:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2125"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04695307"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/37250"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75036"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032478"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3QX8-HG75-RQ29

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-12T16:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.",
  "id": "GHSA-3qx8-hg75-rq29",
  "modified": "2022-05-13T01:16:16Z",
  "published": "2022-05-13T01:16:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12463"
    },
    {
      "type": "WEB",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45027"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041286"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3R39-XHJJ-CWP2

Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2021-12-16 00:02
VLAI
Details

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-14T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "dbeaver is vulnerable to Improper Restriction of XML External Entity Reference",
  "id": "GHSA-3r39-xhjj-cwp2",
  "modified": "2021-12-16T00:02:25Z",
  "published": "2021-12-15T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3836"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a98264fb-1930-4c7c-b774-af24c0175fd4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Implementation System Configuration

Many XML parsers and validators can be configured to disable external entity expansion.

CAPEC-221: Data Serialization External Entities Blowup

This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.