CVE-2016-6798 – org.apache.sling:org.apache.sling.xss.compat

Package

Manager: maven
Name: org.apache.sling:org.apache.sling.xss.compat
Vulnerable Version: >=0 <1.1.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.01343 pctl0.79275

Details

XML External Entity Reference in Apache Sling In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.

Metadata

Created: 2022-05-17T02:26:22Z
Modified: 2022-11-03T20:48:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7g54-vgp6-jj5w/GHSA-7g54-vgp6-jj5w.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-7g54-vgp6-jj5w
Finding: F083
Auto approve: 1