7.5
CVE-2021-25951
- EPSS 1.17%
- Veröffentlicht 30.06.2021 12:15:07
- Zuletzt bearbeitet 21.11.2024 05:55:39
- Quelle vulnerabilitylab@mend.io
- CVE-Watchlists
- Unerledigt
LoginXXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xml2dict Project ≫ Xml2dict Version0.2.2 SwPlatformpython
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.17% | 0.634 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25951