CVE-2017-1000190: XML External Entity (XXE) Injection in Project Simplexml

Severity: 9.1 CRITICAL (NVD)
EPSS: 0.8% (top 26.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 17
Latest update: May 14

Description

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages: 2 packages

🔴 Vulnerability Details (4)

OSV: SimpleXML has XML External Entity (XXE) vulnerability | 2022-05-14
GHSA: SimpleXML has XML External Entity (XXE) vulnerability | 2022-05-14
CVEList: CVE-2017-1000190: SimpleXML (latest version 2 | 2017-11-17
OSV: CVE-2017-1000190: SimpleXML (latest version 2 | 2017-11-17

📋 Vendor Advisories (1)

Debian: CVE-2017-1000190: simple-xml - SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting... | 2017