CVE-2020-36641

Summary

A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.14.0 is able to address this issue. The patch is identified as 456752ebc1ef4c0db980cb5b01a0b3cd0a9e0bae. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
gturriaXMLRPC1.0affected
gturriaXMLRPC1.1affected
gturriaXMLRPC1.2affected
gturriaXMLRPC1.3affected
gturriaXMLRPC1.4affected
gturriaXMLRPC1.5affected
gturriaXMLRPC1.6affected
gturriaXMLRPC1.7affected
gturriaXMLRPC1.8affected
gturriaXMLRPC1.9affected
gturriaXMLRPC1.10affected
gturriaXMLRPC1.11affected
gturriaXMLRPC1.12affected

Weaknesses

  • CWE-611: CWE-611 XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

References