Unrated severityNVD Advisory· Published Sep 11, 2020· Updated Aug 4, 2024

CVE-2020-11991

Description

When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.

Affected products

Apache/Cocoonllm-fuzzy

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3Emitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.058
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000