CVE-2020-11987
- EPSS 0.63%
- Veröffentlicht 24.02.2021 18:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:03
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arb...
CVE-2020-25649
- EPSS 0.01%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:20
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVE-2019-10219
- EPSS 1.67%
- Veröffentlicht 08.11.2019 15:15:11
- Zuletzt bearbeitet 07.07.2025 14:15:21
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVE-2019-17495
- EPSS 13.71%
- Veröffentlicht 10.10.2019 22:15:10
- Zuletzt bearbeitet 21.11.2024 04:32:22
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. I...