CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-11991

When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.926

EPSS Ranking 99.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E

Products affected by CVE-2020-11991

Apache » Cocoon » Version: 2.1

cpe:2.3:a:apache:cocoon:2.1
Apache » Cocoon » Version: 2.1.10

cpe:2.3:a:apache:cocoon:2.1.10
Apache » Cocoon » Version: 2.1.11

cpe:2.3:a:apache:cocoon:2.1.11
Apache » Cocoon » Version: 2.1.12

cpe:2.3:a:apache:cocoon:2.1.12
Apache » Cocoon » Version: 2.1.2

cpe:2.3:a:apache:cocoon:2.1.2
Apache » Cocoon » Version: 2.1.7

cpe:2.3:a:apache:cocoon:2.1.7
Apache » Cocoon » Version: 2.1.8

cpe:2.3:a:apache:cocoon:2.1.8
Apache » Cocoon » Version: 2.1.9

cpe:2.3:a:apache:cocoon:2.1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11991

Products

Pricing

Contact Us