CVE-2025-24783
- EPSS 0.18%
- Published 27.01.2025 15:15:17
- Last modified 15.07.2025 16:27:06
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because t...
CVE-2023-49733
- EPSS 0.48%
- Published 30.11.2023 12:15:09
- Last modified 13.02.2025 18:15:45
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
CVE-2022-45135
- EPSS 1.48%
- Published 30.11.2023 08:15:07
- Last modified 13.02.2025 17:15:47
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
CVE-2020-11991
- EPSS 92.4%
- Published 11.09.2020 14:15:11
- Last modified 21.11.2024 04:59:04
When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
- EPSS 17.25%
- Published 31.12.2003 05:00:00
- Last modified 03.04.2025 01:03:51
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.