Improper Input Validation in Apache Jackrabbit
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Apr 12, 2024
Package
Affected versions
<= 2.0.5
>= 2.2.0, <= 2.2.13
>= 2.4.0, <= 2.4.5
>= 2.6.0, <= 2.6.5
= 2.8.0
= 2.10.0
Patched versions
2.0.6
2.2.14
2.4.6
2.6.6
2.8.1
2.10.1
Description
Published by the National Vulnerability Database
May 29, 2015
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 6, 2022
Last updated
Apr 12, 2024
Credits
-
MarkLee131 Analyst
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
References