In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-24T02:00:00
Updated: 2024-08-05T21:13:49.091Z
Reserved: 2018-02-23T00:00:00
Link: CVE-2017-18197
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-24T02:29:01.893
Modified: 2024-11-21T03:19:32.410
Link: CVE-2017-18197
Redhat