{"uuid": "59a1c9f8-5243-42af-8edc-dbee2c31abc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2013-0340", "type": "seen", "source": "https://t.me/arpsyndicate/1673", "content": "#ExploitObserverAlert\n\nCVE-2013-0340\n\nDESCRIPTION: Exploit Observer has 27 entries related to CVE-2013-0340. expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.\n\nFIRST-EPSS: 0.005430000\nNVD-IS: 6.4\nNVD-ES: 8.6", "creation_timestamp": "2023-12-10T18:28:53.000000Z"}