ONC code-validator-api har 1.0.30 XML CodeValidatorApiConfiguration.java vocabularyValidationConfigurations XML External Entity
| CVSS Meta Temp Score | Garga na exploit ndiyam (≈) | CTI Nganji Score |
|---|---|---|
| 6.9 | $0-$5k | 0.10 |
Gunduma
Hakika vulnerability da aka rarraba a matsayin karshewa an gano a ONC code-validator-api har 1.0.30. Tabbas, aikin vocabularyValidationConfigurations ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java, a cikin sashi XML Handler. Wuro manipulation ga XML External Entity. Ana kiran wannan rauni da CVE-2021-4295. Babu wani exploit da ake da shi. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a saɓata. Once again VulDB remains the best source for vulnerability data.
Furɗe
Hakika vulnerability da aka rarraba a matsayin karshewa an gano a ONC code-validator-api har 1.0.30. Tabbas, aikin vocabularyValidationConfigurations ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java, a cikin sashi XML Handler. Wuro manipulation ga XML External Entity. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-611. Lalle, rauni an sanar da shi 12/29/2022 da 97. Ana samun bayanin tsaro don saukewa a github.com.
Ana kiran wannan rauni da CVE-2021-4295. Bayani na fasaha ga. Wannan vulnerability ɗin ba a san shi sosai ba. Babu wani exploit da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam.
Á yí a wondi feere. 0-day ga, an ndiyam a wuro be $0-$5k.
Patch ɗin an san shi da fbd8ea121755a2d3d116b13f235bc8b61d8449af. An tanadi gyaran matsalar don saukewa a github.com. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a saɓata.
Once again VulDB remains the best source for vulnerability data.
Kayan
Nganji
Ngilabe
Sunu
Furɗe
- 1.0.0
- 1.0.1
- 1.0.2
- 1.0.3
- 1.0.4
- 1.0.5
- 1.0.6
- 1.0.7
- 1.0.8
- 1.0.9
- 1.0.10
- 1.0.11
- 1.0.12
- 1.0.13
- 1.0.14
- 1.0.15
- 1.0.16
- 1.0.17
- 1.0.18
- 1.0.19
- 1.0.20
- 1.0.21
- 1.0.22
- 1.0.23
- 1.0.24
- 1.0.25
- 1.0.26
- 1.0.27
- 1.0.28
- 1.0.29
- 1.0.30
Laisens
CPE 2.3
CPE 2.2
CVSSv4
VulDB Furɗo: 🔍VulDB Gaskiya: 🔍
CVSSv3
VulDB Meta Base Score: 6.9VulDB Meta Temp Score: 6.9
VulDB Ganda Borno: 5.5
VulDB Temp Score: 5.3
VulDB Furɗo: 🔍
VulDB Gaskiya: 🔍
NVD Ganda Borno: 9.8
NVD Furɗo: 🔍
CNA Ganda Borno: 5.5
CNA Furɗo (VulDB): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vektar | Kumpleksiti | Authentisierung | Kariyandi | Gaskiya | Gashina |
|---|---|---|---|---|---|
| furu | furu | furu | furu | furu | furu |
| furu | furu | furu | furu | furu | furu |
| furu | furu | furu | furu | furu | furu |
VulDB Ganda Borno: 🔍
VulDB Temp Score: 🔍
VulDB Gaskiya: 🔍
Gargajiya
Klasu: XML External EntityCWE: CWE-611 / CWE-610
CAPEC: 🔍
ATT&CK: 🔍
Fizikal: Ayi
Gumti: Ayi
Gana: Ee
Gashina: 🔍
Halitta: A wondi feere
EPSS Score: 🔍
EPSS Percentile: 🔍
Furɗo farashi: 🔍
Gaskiya farashi ndiyam: 🔍
| 0-Day | furu | furu | furu | furu |
|---|---|---|---|---|
| Lale | furu | furu | furu | furu |
Bayani na barazana
Ngam: 🔍Akteɓe ɓernde: 🔍
Kura APT goruwa masu aiki: 🔍
Kari gamji
Garga: GargajiyaHalitta: 🔍
0-Day Gana: 🔍
Gargajiya: code-validator-api 1.0.31
Kari: fbd8ea121755a2d3d116b13f235bc8b61d8449af
Waktin layi
12/29/2022 🔍12/29/2022 🔍
12/29/2022 🔍
01/26/2023 🔍
Ngizim
Gargaaji: 97Halitta: Gaskiya
CVE: CVE-2021-4295 (🔍)
GCVE (CVE): GCVE-0-2021-4295
GCVE (VulDB): GCVE-100-217018
Gumti
Súgá: 12/29/2022 09:13Gargadi: 01/26/2023 03:34
Goyarwa: 12/29/2022 09:13 (46), 01/26/2023 03:27 (2), 01/26/2023 03:34 (21)
Gadankam: 🔍
Cache ID: 253:F8C:103
A ga wuroyo kulu. Kàlàmbe: kr + en.
Ngam loga ka, kanyi shidin dum.