Open dmytro-sylaiev opened 2 years ago
Simple XML is vulnerable to XML External Entity (XXE).
The library does not properly disable external entities during deserialization, allowing a malicious user to inject and execute arbitrary code through it or reveal sensitive information.
Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000190
https://github.com/ngallagher/simplexml/issues/18
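One way to screen input before it reaches the deserializer, as an added example that is not code from this issue or from Simple XML: a JDK-only guard that rejects any document carrying a DOCTYPE, which is where entities are declared. The class name `DoctypeGuard`, its method names and the sample documents are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class DoctypeGuard {
    // JDK parser that refuses any DOCTYPE, so no entity (internal or external) can be declared.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        b.setErrorHandler(new DefaultHandler()); // rethrow fatal errors instead of printing them
        return b;
    }

    // True only if the document is well-formed and carries no DOCTYPE declaration.
    static boolean isSafeToDeserialize(String xml) {
        try {
            hardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXException e) {
            return false; // DOCTYPE present or malformed XML: do not hand it to the deserializer
        } catch (IOException | ParserConfigurationException e) {
            throw new IllegalStateException("hardened parser unavailable", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the issue.
        String plain = "<order><id>42</id></order>";
        String withDoctype = "<!DOCTYPE order [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>"
                + "<order><id>&ext;</id></order>";
        System.out.println("plain accepted: " + isSafeToDeserialize(plain));
        System.out.println("doctype accepted: " + isSafeToDeserialize(withDoctype));
    }
}
```

Only input for which `isSafeToDeserialize` returns true would be passed on to the deserializer; the guard also turns away legitimate documents that use a DOCTYPE.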