CVE-2020-11991

Improper Restriction of XML External Entity Reference in maven/org.apache.cocoon/cocoon

Identifiers

CVE-2020-11991

Package Slug

maven/org.apache.cocoon/cocoon

Vulnerability

Improper Restriction of XML External Entity Reference

Description

When the StreamGenerator is used, the code parses user-provided XML. A specially crafted XML document that includes external system entities could be used to access any file on the server system.

Affected Versions

All versions starting from 2.1 up to 2.1.12

Solution

Upgrade to version 2.1.13 or above.

Last Modified

2020-09-18
