Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-9487 Vulnerability in maven package org.idpf:epubcheck

Description

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.

Remediation

References

https://www.kb.cert.org/vuls/id/779243

https://www.securityfocus.com/bid/94864/

Related Vulnerabilities

CVE-2022-36092 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2016-8745 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2023-46589 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-49293 Vulnerability in npm package vite

CVE-2018-18950 Vulnerability in npm package kindeditor

Severity

High

Classification

CWE-611 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Third Party Advisory US Government Resource VDB Entry