Vulnerability: Apache Cocoon 2.1.12 - XML Injection

Apache Cocoon 2.1.12 is susceptible to XML injection. When the StreamGenerator is used, Cocoon parses user-provided XML. A specially crafted XML document that includes external system entities can be used to access any file on the server system.

Impact

Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and remote code execution.

Severity

High

Verified

Unknown