N/A

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d.

N/A

N/A

JabRef MsBibImporter XML解析器安全漏洞

JabRef是一款开源的书籍目录管理应用程序。该程序支持多种格式文件导入、书籍目录搜索和目录分类等功能。MsBibImporter XML Parser是其中的一个XML解析器。 JabRef 4.3.1及之前版本中的MsBibImporter XML解析器存在XML外部实体注入漏洞。攻击者可借助特制的MsBib文件利用该漏洞泄露敏感信息，造成拒绝服务，伪造服务器端请求或扫描端口。

N/A

N/A