Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-36641

Good to know:

icon
icon

Date: January 5, 2023

A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.14.0 is able to address this issue. The patch is identified as 456752ebc1ef4c0db980cb5b01a0b3cd0a9e0bae. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability.

Language: Java

Severity Score

Related Resources (9)

https://github.com/gturri/aXMLRPC/commit/ad6615b3ec41353e614f6ea5fdd5b046442a832b
https://github.com/gturri/aXMLRPC/releases/tag/aXMLRPC-1.12.1
https://github.com/gturri/aXMLRPC/releases/tag/aXMLRPC-1.14.0
https://vuldb.com/?ctiid.217450
https://vuldb.com/?id.217450
https://github.com/gturri/aXMLRPC
https://github.com/gturri/aXMLRPC/commit/456752ebc1ef4c0db980cb5b01a0b3cd0a9e0bae
https://nvd.nist.gov/vuln/detail/CVE-2020-36641
https://www.mend.io/vulnerability-database/CVE-2020-36641

Severity Score

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

icon

Upgrade Version

Upgrade to version fr.turri:aXMLRPC:1.12.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): ADJACENT_NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): ADJACENT
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us