Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tolgee has an XXE Injection in Translation Import
Vulnerability Description
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files from the server and make server-side requests to internal services. This vulnerability is fixed in 3.166.3.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Tolgee 代码问题漏洞
Vulnerability Description
Tolgee是Tolgee开源的一个开源的多语言翻译和本地化平台,旨在帮助开发团队轻松管理和维护多语言的软件应用程序和网站。 Tolgee 3.166.3之前版本存在代码问题漏洞,该漏洞源于用于导入Android XML资源和.resx文件的XML解析器未禁用外部实体处理,可能导致读取服务器任意文件和服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A