Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JBPM jbpm-designer XML外部实体漏洞
Vulnerability Description
JBPM(全称Java Business Process Management,业务流程管理)是一套开源的可执行流程语言框架。jbpm-designer是其中的一套基于Web的jBPM流程设计工具。 JBPM jbpm-designer 6.0.x版本和6.2.x版本的designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java文件中的‘JBPMBpmn2ResourceImpl’函数存在XML外部实体漏洞。远程攻击者可通过导入特制的BPMN2文件利用该漏洞读取任意
CVSS Information
N/A
Vulnerability Type
N/A