A local, authenticated attacker could use an XML External...
High severity
Unreviewed
Published
Feb 25, 2022
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Description
Published by the National Vulnerability Database
Feb 24, 2022
Published to the GitHub Advisory Database
Feb 25, 2022
Last updated
Feb 3, 2023
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
References