CVE-2015-1833 – org.apache.jackrabbit:jackrabbit-core
Package
Manager: maven
Name: org.apache.jackrabbit:jackrabbit-core
Vulnerable Version: >=0 <2.0.6 || >=2.2.0 <2.2.14 || >=2.4.0 <2.4.6 || >=2.6.0 <2.6.6 || =2.8.0 || >=2.8.0 <2.8.1 || =2.10.0 || >=2.10.0 <2.10.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.30217 (percentile: 0.96531)
Details
Improper Input Validation in Apache Jackrabbit
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
Metadata
Created: 2022-05-14T02:49:30Z
Modified: 2024-04-12T21:44:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9284-j4c9-779q/GHSA-9284-j4c9-779q.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-9284-j4c9-779q
Finding: F184
Auto approve: 1