Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Apache产品安全漏洞
Vulnerability Description
Apache UIMA是美国阿帕奇(Apache)软件基金会的一套用于分析非结构化内容(文本、视频和音频等)的框架。uimaj等都是其中提供不同功能的组件。 多款Apache产品中存在安全漏洞。攻击者可利用该漏洞获取本地文件或其他内部内容。以下产品和版本受到影响:Apache uimaj 2.10.2之前版本,3.0.0-beta之前的3.0.0-xxx版本;Apache uima-as 2.10.2之前版本;Apache uimaFIT 2.4.0之前版本;Apache uimaDUCC 2.2.2之前
CVSS Information
N/A
Vulnerability Type
N/A