CVE-2023-49733

CVE-2023-49733: Apache Cocoon's StreamGenerator is vulnerable to XXE injection

Vendor Apache Software Foundation

Product Apache Cocoon

Weakness CWE-611 · XXE

Published November 30, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

Key dates

Disclosure timeline

November 30, 2023 CVE published

February 13, 2025 Record updated