1 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. Apereo Bedework bw-webdav en versiones anteriores a la 4.0.3 permite ataques XEE (XML External Entity), que quedan demostrados por un documento invite-reply que lee un archivo local, relacionado con webdav/servlet/common/MethodBase.java y webdav/servlet/common/PostRequestPars.java. • https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3 https://github.com/Bedework/bw-webdav/pull/1 • CWE-611: Improper Restriction of XML External Entity Reference •