Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-9487 Vulnerability in maven package org.idpf:epubcheck

Description

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.

Remediation

References

https://www.kb.cert.org/vuls/id/779243

https://www.securityfocus.com/bid/94864/

Related Vulnerabilities

CVE-2018-1339 Vulnerability in maven package org.apache.tika:tika-parsers

CVE-2020-1912 Vulnerability in npm package hermes-engine

CVE-2022-48285 Vulnerability in maven package org.webjars.npm:jszip

CVE-2019-15782 Vulnerability in maven package org.webjars.npm:webtorrent

CVE-2020-26256 Vulnerability in maven package org.webjars.npm:fast-csv

Severity

High

Classification

CWE-611 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Third Party Advisory US Government Resource VDB Entry