Home > Vulnerability Database > WS-2023-0236

Mend.io Vulnerability Database

WS-2023-0236

Good to know:

Date: July 10, 2023

XmlParser is vulnerable to XML external entity (XXE) vulnerability. XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit this vulnerability in order to achieve SSRF or cause a denial of service. One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the WAR includes a malicious web.xml. The vulnerability is patched in versions 10.0.16, 11.0.16, and 12.0.0.

Language: Java

Severity Score

3.9

Related Resources (2)

Url: https://github.com/eclipse/jetty.project/commit/9a05c75ad28ebad4abbe624fa432664c59763747

Url: https://www.mend.io/vulnerability-database/WS-2023-0236

Severity Score

3.9

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version org.eclipse.jetty:jetty-xml:10.0.16,11.0.16,12.0.0

Learn More

CVSS v3.1

Base Score:	3.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0236

Good to know:

Date: July 10, 2023

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?