Vulnerability Details CVE-2021-43090
An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/membrane/soa-model/commit/19de16902468e7963cc4dc6b544574bc1ea3f251
- https://github.com/membrane/soa-model/commit/3aa295f155f621d5ea661cb9a0604013fc8fd8ff
- https://github.com/membrane/soa-model/issues/281
- https://github.com/membrane/soa-model/releases/tag/v1.6.4
- https://github.com/membrane/soa-model/commit/19de16902468e7963cc4dc6b544574bc1ea3f251
- https://github.com/membrane/soa-model/commit/3aa295f155f621d5ea661cb9a0604013fc8fd8ff
- https://github.com/membrane/soa-model/issues/281
- https://github.com/membrane/soa-model/releases/tag/v1.6.4
Products affected by CVE-2021-43090
-
cpe:2.3:a:predic8:soa_model:-
-
cpe:2.3:a:predic8:soa_model:1.3.2
-
cpe:2.3:a:predic8:soa_model:1.4.0
-
cpe:2.3:a:predic8:soa_model:1.4.0.8
-
cpe:2.3:a:predic8:soa_model:1.4.0.9
-
cpe:2.3:a:predic8:soa_model:1.4.1
-
cpe:2.3:a:predic8:soa_model:1.4.1.1
-
cpe:2.3:a:predic8:soa_model:1.4.1.10
-
cpe:2.3:a:predic8:soa_model:1.4.1.11
-
cpe:2.3:a:predic8:soa_model:1.4.1.12
-
cpe:2.3:a:predic8:soa_model:1.4.1.2
-
cpe:2.3:a:predic8:soa_model:1.4.1.3
-
cpe:2.3:a:predic8:soa_model:1.4.1.4
-
cpe:2.3:a:predic8:soa_model:1.4.1.5
-
cpe:2.3:a:predic8:soa_model:1.4.1.6
-
cpe:2.3:a:predic8:soa_model:1.4.1.7
-
cpe:2.3:a:predic8:soa_model:1.4.1.8
-
cpe:2.3:a:predic8:soa_model:1.4.1.9
-
cpe:2.3:a:predic8:soa_model:1.4.2.0
-
cpe:2.3:a:predic8:soa_model:1.4.2.1
-
cpe:2.3:a:predic8:soa_model:1.4.2.2
-
cpe:2.3:a:predic8:soa_model:1.4.2.3
-
cpe:2.3:a:predic8:soa_model:1.4.2.4
-
cpe:2.3:a:predic8:soa_model:1.4.2.5
-
cpe:2.3:a:predic8:soa_model:1.5.0
-
cpe:2.3:a:predic8:soa_model:1.5.1
-
cpe:2.3:a:predic8:soa_model:1.5.2
-
cpe:2.3:a:predic8:soa_model:1.5.3