An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2021-01-25T09:25:14
Updated: 2021-05-13T20:06:10
Reserved: 2021-01-12T00:00:00
Link: CVE-2021-23901
JSON object: View
NVD Information
Status : Modified
Published: 2021-01-25T10:16:33.470
Modified: 2023-11-07T03:31:01.137
Link: CVE-2021-23901
JSON object: View
Redhat Information
No data.
CWE