Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bio-Formats <= 8.3.0 XXE in Leica XLEF Metadata Parser
Vulnerability Description
Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity expansion and external DTD loading. A crafted metadata file can trigger outbound network requests (SSRF), access local system resources where readable, or cause a denial of service during XML parsing.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Bio-Formats 代码问题漏洞
Vulnerability Description
Bio-Formats是Open Microscopy Environment开源的一个读取和写入各种显微成像专有文件格式的Java库。 Bio-Formats 8.3.0及之前版本存在代码问题漏洞,该漏洞源于Leica Microsystems元数据解析组件存在XML外部实体漏洞,可能导致服务端请求伪造、本地资源访问或拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A