N/A

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4.

N/A

N/A

Logisim Evolution 安全漏洞

Logisim Evolution是一款用于设计和模拟数据逻辑电路的工具。 Logisim Evolution 2.14.3及之前版本中的Circuit文件加载功能存在XML外部实体注入漏洞。攻击者可借助特制的circuit文件利用该漏洞泄露信息并可能执行代码。

N/A

N/A