1 results (0.002 seconds)
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-41034 – DDFFileParser in eclipse leshan is vulnerable to XXE Attacks
https://notcve.org/view.php?id=CVE-2023-41034
31 Aug 2023 — Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files (e.g. if they let external users provide their own model), in that case they MUST upgrade to fixed version. If you parse only trusted DDF file and validate only with trusted xml ... • https://github.com/eclipse-leshan/leshan/commit/29577d2879ba8e7674c3b216a7f01193fc7ae013 • CWE-611: Improper Restriction of XML External Entity Reference •