Home > Vulnerability Database > CVE-2021-4295

Mend.io Vulnerability Database

CVE-2021-4295

Good to know:

Date: December 29, 2022

A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability.

Language: Java

Severity Score

5.5

Related Resources (7)

Url: https://vuldb.com/?ctiid.217018

Url: https://github.com/onc-healthit/code-validator-api/pull/97

Url: https://vuldb.com/?id.217018

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4295

Url: https://github.com/onc-healthit/code-validator-api/releases/tag/1.0.31

Url: https://github.com/onc-healthit/code-validator-api/commit/fbd8ea121755a2d3d116b13f235bc8b61d8449af

Url: https://www.mend.io/vulnerability-database/CVE-2021-4295

Severity Score

5.5

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version 1.0.31

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4295

Good to know:

Date: December 29, 2022

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?