Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
expat before version 2.4.0 does not properly handle entity expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Expat Code Issue Vulnerability
Vulnerability Description
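Expat is a fast streaming XML parser written in C. A code issue vulnerability exists in Expat 2.1.0 and earlier versions. When a program processes XML Internal Entities expansion, a remote attacker can use a malicious XML document to exploit this vulnerability and cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files.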
CVSS Information
N/A
Vulnerability Type
N/A