[CVE-2020-11991] Apache Cocoon security vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Cocoon up to 2.1.12
Description: When using the StreamGenerator, the code parses
user-provided XML.
A specially crafted XML, including external system entities, could be
used to access any file on the server system.
Mitigation:
The StreamGenerator now ignores external entities. 2.1.x users should
upgrade to 2.1.13.
Example:
With the following input:

<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]>
<userInfo>
<firstName>John</firstName>
<lastName>&ent;</lastName>
</userInfo>

an attacker got the content of /etc/shadow
Credit: This issue was discovered by Nassim Asrir.
Regards,
--
Cédric Damioli
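
For code that parses untrusted XML outside Cocoon, the mitigation described above ("ignores external entities") can be reproduced with standard JAXP/SAX settings. The following is an added example, not code from the advisory or from the Cocoon fix; the class name is hypothetical, and it assumes the JDK's built-in Xerces-based parser, which recognises the apache.org feature URI.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class IgnoreExternalEntities {           // hypothetical class name
    // The input shown in the advisory's example.
    static final String INPUT =
        "<?xml version=\"1.0\" ?>\n"
      + "<!DOCTYPE replace [<!ENTITY ent SYSTEM \"file:///etc/shadow\"> ]>\n"
      + "<userInfo><firstName>John</firstName>"
      + "<lastName>&ent;</lastName></userInfo>";

    // Build a SAX parser that never fetches external entities or DTDs.
    static SAXParser hardenedParser() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Xerces-specific feature (assumption: JDK default parser is in use).
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        return f.newSAXParser();
    }

    // Parse the document and return the text content of <lastName>.
    static String lastNameOf(String xml) throws Exception {
        final StringBuilder text = new StringBuilder();
        DefaultHandler handler = new DefaultHandler() {
            private boolean inLastName;
            @Override public void startElement(String uri, String local, String qName, Attributes atts) {
                inLastName = "lastName".equals(qName);
            }
            @Override public void endElement(String uri, String local, String qName) { inLastName = false; }
            @Override public void characters(char[] ch, int start, int len) {
                if (inLastName) text.append(ch, start, len);
            }
            // Defence in depth: anything still requested resolves to an empty stream.
            @Override public InputSource resolveEntity(String publicId, String systemId) {
                return new InputSource(new StringReader(""));
            }
        };
        hardenedParser().parse(new InputSource(new StringReader(xml)), handler);
        return text.toString();
    }

    public static void main(String[] args) throws Exception {
        String lastName = lastNameOf(INPUT);
        if (!lastName.isEmpty()) throw new IllegalStateException("external entity was expanded");
        System.out.println("lastName = [" + lastName + "]");
    }
}
```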