You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
CVE-2013-0340 - Medium Severity Vulnerability
Vulnerable Library - src73.0.3635.0
Library home page: https://chromium.googlesource.com/chromium/src
Found in HEAD commit: d3e1a03ce36b1bbe510f69661f310781c58b3612
Library Source Files (51)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
Publish Date: 2014-01-21
URL: CVE-2013-0340
CVSS 2 Score Details (6.8)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201701-21
Release Date: 2017-01-11
Fix Resolution: All Expat users should upgrade to the latest version >= expat-2.2.0-r1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: