Vulnerability Details CVE-2021-41042
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with default settings that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.4%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
Products affected by CVE-2021-41042
- cpe:2.3:a:eclipse:lyo:1.0.0
- cpe:2.3:a:eclipse:lyo:4.1.0