Home > Vulnerability Database > WS-2019-0065

Mend.io Vulnerability Database

WS-2019-0065

Good to know:

Date: July 6, 2018

An XML eXternal Entity (XXE) Injection was discovered in pmml-model before version 1.4.3. A remote attacker can exploit this vulnerability by sending a request to submit malicious External Entity references within the embedded XML metadata to the target system.

Language: Java

Severity Score

7.3

Related Resources (3)

Url: https://github.com/jpmml/jpmml-model/commit/494f821ee55e6b1f2949c78781c1d0fa8517867e#diff-322a783849e2119b37122dd21b0f48f2

Url: https://github.com/jpmml/jpmml-model/commit/634bd29da3149b4a51ef84f83c77094534629909#diff-2c822c5f15a6f593e651d95c343d7f3b

Url: https://www.mend.io/vulnerability-database/WS-2019-0065

Severity Score

7.3

Weakness Type (CWE)

Injection

CWE-74

Top Fix

Upgrade Version

Upgrade to version 1.4.3

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2019-0065

Good to know:

Date: July 6, 2018

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?