CVE-2020-11991
maven/org.apache.cocoon/cocoon
Improper Restriction of XML External Entity Reference
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
All versions starting from 2.1 up to 2.1.12
Upgrade to version 2.1.13 or above.
2020-09-18
source |