Cocoon
by Apache
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11991 | 0.07 | — | 0.73 | Sep 11, 2020 | When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. | |||
| CVE-2003-1172 | 0.05 | — | 0.31 | Dec 31, 2003 | Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. |
- CVE-2020-11991Sep 11, 2020risk 0.07cvss —epss 0.73
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
- CVE-2003-1172Dec 31, 2003risk 0.05cvss —epss 0.31
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.