The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2015-05-12 19:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-3451
Mitre link : CVE-2015-3451
CVE.ORG link : CVE-2015-3451
JSON object : View
Products Affected
debian
- debian_linux
opensuse
- opensuse
xml-libxml_project
- xml-libxml
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-611
Improper Restriction of XML External Entity Reference