CVE-2016-4216 – com.adobe.xmp:xmpcore

Package

Manager: maven
Name: com.adobe.xmp:xmpcore
Vulnerable Version: >=0 <5.1.3

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00682 pctl0.70731

Details

Moderate severity vulnerability that affects com.adobe.xmp:xmpcore XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Metadata

Created: 2018-10-19T16:39:29Z
Modified: 2021-09-16T21:06:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-qv32-7r6p-xhhh/GHSA-qv32-7r6p-xhhh.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-qv32-7r6p-xhhh
Finding: F083
Auto approve: 1