Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Restriction of XML External Entity Reference in de.tud.sse
Vulnerability Description
FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity (XXE) vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based format for sources and sinks had to be used and the attacker had to able control the source/sink definition file. The vulnerability was patched in version 2.9.0. As a workaround, do not allow untrusted entities to control the source/sink definition file.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
FlowDroid 代码问题漏洞
Vulnerability Description
FlowDroid是一个应用软件。一个数据流分析工具。 FlowDroid 2.9.0 之前的版本存在安全漏洞,该漏洞允许控制 XML 格式的源/接收器定义文件的攻击者从外部位置读取文件。
CVSS Information
N/A
Vulnerability Type
N/A