CVE-2015-3451

EPSS 3.4%

libxml-libxml-perl - security update

發布日:2015/5/12修改日:2026/4/28

也稱為:DEBIAN-CVE-2015-3451

描述

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

受影響套件(3)

Debian/libxml-libxml-perlfrom 0, < 2.0116+dfsg-2
Debian/libxml-libxml-perlfrom 0, < 1.70.ds-1+deb6u1
Debian/libxml-libxml-perlfrom 0, < 2.0001+dfsg-1+deb7u1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3451