Home > Vulnerability Database > WS-2023-0236

Mend.io Vulnerability Database

WS-2023-0236

Good to know:

Date: August 25, 2025

XmlParser is vulnerable to XML external entity (XXE) vulnerability. XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit this vulnerability in order to achieve SSRF or cause a denial of service. One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the WAR includes a malicious web.xml. The vulnerability is patched in versions 10.0.16, 11.0.16, and 12.0.0.

Language: Java

Severity Score

3.9

Related Resources (9)

Url: https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16

Url: https://github.com/eclipse/jetty.project

Url: https://github.com/eclipse/jetty.project/releases/tag/jetty-12.0.0

Url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.52.v20230823

Url: https://github.com/eclipse/jetty.project/commit/9a05c75ad28ebad4abbe624fa432664c59763747

Url: https://github.com/eclipse/jetty.project/security/advisories/GHSA-58qw-p7qm-5rvh

Url: https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16

Url: https://github.com/eclipse/jetty.project/pull/10067

Url: https://www.mend.io/vulnerability-database/WS-2023-0236

Severity Score

3.9

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

CVSS v3.1

Base Score:	3.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0236

Good to know:

Date: August 25, 2025

Language: Java

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?