Description

XXE issue in Airsonic before 10.1.2 during parse.

Remediation

References

https://github.com/airsonic/airsonic/blob/master/CHANGELOG.md

https://github.com/airsonic/airsonic/releases/tag/v10.2.1

Related Vulnerabilities

CVE-2019-12086 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2021-23348 Vulnerability in npm package portprocesses

CVE-2021-23429 Vulnerability in npm package transpile

CVE-2023-23848 Vulnerability in maven package org.jenkins-ci.plugins:synopsys-coverity

CVE-2022-36010 Vulnerability in npm package react-editable-json-tree

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Release Notes Third Party Advisory