CVE-2016-3674 Vulnerability in maven package org.jbehave:jbehave-core

Description

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

Remediation

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html

http://rhn.redhat.com/errata/RHSA-2016-2822.html

http://rhn.redhat.com/errata/RHSA-2016-2823.html

http://www.debian.org/security/2016/dsa-3575

http://www.openwall.com/lists/oss-security/2016/03/25/8

http://www.openwall.com/lists/oss-security/2016/03/28/1

http://www.securityfocus.com/bid/85381

http://www.securitytracker.com/id/1036419

http://x-stream.github.io/changes.html#1.4.9

https://github.com/x-stream/xstream/issues/25

Related Vulnerabilities

CVE-2023-30516 Vulnerability in maven package org.jenkins-ci.plugins:image-tag-parameter

CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap

CVE-2021-23375 Vulnerability in npm package psnode

CVE-2019-10249 Vulnerability in maven package org.eclipse.xtext:org.eclipse.xtext.maven.parent

CVE-2020-26299 Vulnerability in npm package ftp-srv

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N