Vulnerability Information
Vulnerability Title
XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files
Vulnerability Description
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Improper Restriction of XML External Entity Reference (XXE)
Vulnerability Title
WSO2 API Manager Security Vulnerability
Vulnerability Description
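WSO2 API Manager is an API lifecycle management solution from WSO2, a US company. The WSO2 API Manager publisher has a security vulnerability that stems from the component accepting XML input without disabling external entity resolution, which may allow reading confidential files from the file system or accessing restricted HTTP resources.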
CVSS Information
N/A
Vulnerability Type
N/A