CVE-2014-2053 – james-heinrich/getid3

Package

Manager: composer
Name: james-heinrich/getid3
Vulnerable Version: >=0 <1.9.9

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.02653 pctl0.85205

Details

getID3 is vulnerable to XML External Entity (XXE) getID3() before 1.9.9, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Metadata

Created: 2022-05-17T03:06:13Z
Modified: 2025-03-31T13:40:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5v43-55m5-qr8f/GHSA-5v43-55m5-qr8f.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-5v43-55m5-qr8f
Finding: F083
Auto approve: 1