Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is the XML parser processing XML External Entity (XXE) declarations included in the XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Cayenne CayenneModeler Security Vulnerability
Vulnerability Description
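Apache Cayenne is an open-source persistence framework from the Apache Software Foundation (USA) that provides object-relational mapping (ORM) and remoting services. CayenneModeler is a graphical user interface included in it. A security vulnerability exists in CayenneModeler in Apache Cayenne; it stems from the XML parser processing XML external entity declarations included in XML. An attacker can exploit the vulnerability by tricking a user into opening a malicious XML file, causing files on the local device to be transferred to a remote device controlled by the attacker. The following versions are affected: Apache Cayenne 4.1.M1, 3.2.M1, 4.0.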
CVSS Information
N/A
Vulnerability Type
N/A