Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed in after commit faa265b.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
codelibs fess GSA XML文件解析器安全漏洞
Vulnerability Description
codelibs fess是一款基于Java和Elasticsearch的搜索服务器。GSA XML是其中的一个XML解析器。 codelibs fess commit faa265b之前版本中的GSA XML文件解析器存在XML外部实体注入漏洞。攻击者可借助特制的GSA XML文件利用该漏洞泄露敏感数据,造成拒绝服务,实施服务器端请求伪造攻击或扫描端口。
CVSS Information
N/A
Vulnerability Type
N/A