Critical severity9.1NVD Advisory· Published Jan 25, 2021· Updated Jun 17, 2026
CVE-2021-23901
CVE-2021-23901
Description
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.nutch:nutchMaven | < 1.18 | 1.18 |
Affected products
21- ghsa-coords20 versionspkg:maven/org.apache.nutch/nutchpkg:rpm/suse/cpu-mitigations-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/nutch-core&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/nutch-core&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-reports&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/supportutils-plugin-susemanager&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-frontend-libs&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.0
< 1.18+ 19 more
- (no CPE)range: < 1.18
- (no CPE)range: < 0.3-4.9.2
- (no CPE)range: < 1.0.1-4.5.2
- (no CPE)range: < 1.0.1-4.3.1
- (no CPE)range: < 1.7.8-0.3.3.2
- (no CPE)range: < 4.0.22-3.25.2
- (no CPE)range: < 4.0.36-3.41.2
- (no CPE)range: < 4.0.19-3.21.3
- (no CPE)range: < 4.0.18-3.24.2
- (no CPE)range: < 4.0.41-3.51.2
- (no CPE)range: < 4.0.6-3.3.2
- (no CPE)range: < 4.0.19-3.24.2
- (no CPE)range: < 4.0.26-3.39.3
- (no CPE)range: < 4.0.5-3.6.2
- (no CPE)range: < 4.0-10.30.2
- (no CPE)range: < 4.0-10.30.2
- (no CPE)range: < 4.0.3-4.6.2
- (no CPE)range: < 4.0.24-3.35.2
- (no CPE)range: < 4.0.32-3.40.2
- (no CPE)range: < 4.0.20-3.32.2
- Apache Software Foundation/Apache Nutchv5Range: Apache Nutch
Patches
Vulnerability mechanics
References
11- issues.apache.org/jira/browse/NUTCH-2841nvdIssue TrackingPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-fxhp-wrw9-3r97ghsaADVISORY
- lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3EnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-23901ghsaADVISORY
- security.netapp.com/advisory/ntap-20210513-0003/nvdThird Party Advisory
- github.com/apache/nutch/pull/563ghsaWEB
- lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6@%3Cannounce.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7@%3Cdev.nutch.apache.org%3EghsaWEB
- security.netapp.com/advisory/ntap-20210513-0003ghsaWEB
- lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3Envd
- lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3Envd
News mentions
0No linked articles in our index yet.