Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XMLSec Libxml2 安全漏洞
Vulnerability Description
XMLSec是一个基于C语言用于实现XML安全标准的库。Libxml2是GNOME项目组所研发的一个基于C语言的用来解析XML文档的函数库。 XMLSec 1.2.23及之前的版本和其他产品中使用的Libxml2 2.9.4及之前的版本中存在安全漏洞。远程攻击者可借助特制的文档利用该漏洞实施XML External Entity (XXE)攻击。
CVSS Information
N/A
Vulnerability Type
N/A