XXE via XML External Entity in HuTool XML Parsing Module (<5.8.19)
CVE-2023-3276 Published on June 15, 2023

Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

NVD

Timeline

Advisory disclosed

CVE reserved

VulDB entry created

VulDB entry last update 29 days later.

Weakness Type

What is a XXE Vulnerability?

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CVE-2023-3276 has been classified to as a XXE vulnerability or weakness.


Products Associated with CVE-2023-3276

Want to know whenever a new CVE is published for Dromara Hutool? stack.watch will email you.

Dromara Hutool
 

Affected Versions

Dromara HuTool:

Exploit Probability

EPSS
0.16%
Percentile
36.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.