Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XML External Entity (XXE) Injection
Vulnerability Description
The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
TwelveMonkeys ImageIO 代码问题漏洞
Vulnerability Description
TwelveMonkeys ImageIO是挪威Harald Kuhr个人开发者的一个 Java 的 ImageIO 的附加插件和扩展。 TwelveMonkeys ImageIO 3.7.1 之前版本存在安全漏洞,该漏洞源于读取XMP元数据的XML解析器初始化不安全,容易受到 XML 外部实体 (XXE) 注入的攻击。
CVSS Information
N/A
Vulnerability Type
N/A