CVE-2021-23901
XML external entity (XXE) injection in Apache Nutch
9.1
CRITICAL
CVSS 3.1
EPSS 1.1%
描述
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
如何修補 CVE-2021-23901
要修補 CVE-2021-23901,請將受影響套件升級到下列已修補版本。
- —升級至 1.18 或更新版本
CVE-2021-23901 正在被利用嗎?
低 — EPSS 為 1.1%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 1.18
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |