All the vulnerabilites related to Apache Software Foundation - Apache Nutch
cve-2021-23901
Vulnerability from cvelistv5
Published
2021-01-25 09:25
Modified
2024-08-03 19:14
Severity ?
EPSS score ?
Summary
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E | x_refsource_MISC | |
| https://issues.apache.org/jira/browse/NUTCH-2841 | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210513-0003/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Nutch |
Version: Apache Nutch < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:14:09.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"name": "[nutch-dev] 20210125 Re: CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E"
},
{
"name": "[announce] 20210124 CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Nutch",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.17",
"status": "affected",
"version": "Apache Nutch",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "The Apache Nutch Project Management Committee would like to thank Martin Heyden for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T20:06:10",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"name": "[nutch-dev] 20210125 Re: CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7%40%3Cdev.nutch.apache.org%3E"
},
{
"name": "[announce] 20210124 CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
],
"source": {
"defect": [
"NUTCH-2841"
],
"discovery": "UNKNOWN"
},
"title": "An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-23901",
"STATE": "PUBLIC",
"TITLE": "An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Nutch",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache Nutch",
"version_value": "1.17"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "The Apache Nutch Project Management Committee would like to thank Martin Heyden for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions \u003c 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application\u0027s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r090321840b44cc91086c4e317bf2baffa270749dde6c1273b6567f7c%40%3Cdev.nutch.apache.org%3E"
},
{
"name": "https://issues.apache.org/jira/browse/NUTCH-2841",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/NUTCH-2841"
},
{
"name": "[nutch-dev] 20210125 Re: CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7ddfd680aa7ea001ca8da63bb23e3f8caa095a8b4f2261e46bade5c7@%3Cdev.nutch.apache.org%3E"
},
{
"name": "[announce] 20210124 CVE-2021-23901: An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e2f7737b42c73a3325f3c2c8cdee1ec27631b3a0e144104d84d70e6@%3Cannounce.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210513-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210513-0003/"
}
]
},
"source": {
"defect": [
"NUTCH-2841"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-23901",
"datePublished": "2021-01-25T09:25:14",
"dateReserved": "2021-01-12T00:00:00",
"dateUpdated": "2024-08-03T19:14:09.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}