Critical severity 9.8 · NVD Advisory · Published Jun 11, 2018 · Updated Jun 17, 2026
CVE-2017-3206
Description
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly, it could potentially lead to exposure of sensitive data on the server, denial of service, or server-side request forgery.
Affected products
- (no CPE) range: =2.2.0
- (no CPE) range: 2.2.0
References
- codewhitesec.blogspot.com/2017/04/amf.html (nvd: Exploit, Third Party Advisory)
- www.securityfocus.com/bid/97380 (nvd: Third Party Advisory, VDB Entry)
- www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution (nvd: Third Party Advisory)
- www.kb.cert.org/vuls/id/307983 (nvd: Third Party Advisory, US Government Resource)