ColdFusion versions 20252, 202314, 202120 and earlier are affected by an Improper Restriction

链接： https://github.com/advisories/GHSA-x499-pm58-q38p

CVSS 评分： 9.3

参考链接：

描述：

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service by bypassing security measures. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses.

安全公告

#Github Advisory

ColdFusion versions 20252, 202314, 202120 and earlier are affected by an Improper Restriction

http://example.com/2025/07/08/github_1026939686/

作者

lianccc

发布于

2025年7月8日

许可协议

Helm vulnerable to Code Injection through malicious chartyaml content 上一篇

Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing 下一篇