WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-9487 Vulnerability in maven package org.idpf:epubcheck

Description

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.

Remediation

References

https://www.kb.cert.org/vuls/id/779243

https://www.securityfocus.com/bid/94864/

Related Vulnerabilities

CVE-2020-4045 Vulnerability in npm package ssb-server

CVE-2021-25949 Vulnerability in npm package set-getter

CVE-2020-35214 Vulnerability in maven package io.atomix:atomix

CVE-2017-16020 Vulnerability in npm package summit

CVE-2020-11998 Vulnerability in maven package org.apache.activemq:activemq-broker

Severity

High

Classification

CWE-611 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Third Party Advisory US Government Resource VDB Entry