The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-05-12T19:00:00
Updated: 2016-12-30T15:57:01
Reserved: 2015-04-29T00:00:00
Link: CVE-2015-3451
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-05-12T19:59:21.827
Modified: 2020-04-29T13:17:10.467
Link: CVE-2015-3451
JSON object: View
Redhat Information
No data.
CWE