CVE-2021-23926

Vulnerable Component Details
Type   Namespace            Name      Version  Package URL
maven  org.apache.xmlbeans  xmlbeans  2.6.0    pkg:maven/org.apache.xmlbeans/xmlbeans@2.6.0?type=jar
Vulnerability Details
ID: CVE-2021-23926
Description: The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
Recommendation: State: fixed. Fix version: 3.0.0. Upgrade to version 3.0.0 or above.
Ratings
Severity  Score Method  Vector                                        Source
9.1       CVSSv3.1      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H  ghsa
6.4       CVSSv2        AV:N/AC:L/Au:N/C:P/I:N/A:P                    nvd
9.1       CVSSv3.1      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H  nvd
7.4       CVSSv3.1      CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H  redhat
Related Vulnerabilities
Found By: GitLab Gemnasium, Anchore Grype, Sonatype OSS-Index, Aquasec Trivy
References / Advisories
Weakness Enumeration