Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of the host running the instance and obtain sensitive files.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Elastic App Search web crawler 代码问题漏洞
Vulnerability Description
Elastic App Search web crawler是美国Elastic公司的一个应用软件。提供了更大的可扩展性和性能增强。 App Search web crawler 存在代码问题漏洞,该漏洞源于企业搜索中没有充分验证用户提供的XML输入。以下产品及版本受到影响:App Search web crawler: before 7.12.1 。
CVSS Information
N/A
Vulnerability Type
N/A