Back to search
CVE-2021-23926
Published: Jan 14, 2021
Modified: Feb 13, 2025
PUBLISHED
Description
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache XMLBeans | affected Apache XMLBeans - <= 2.6.0 |
References
https://poi.apache.org/
x_refsource_MISC
https://issues.apache.org/jira/browse/XMLBEANS-517
x_refsource_MISC
[axis-java-dev] 20210312 xmlbeans 2.6.0 and CVE-2021-23926
mailing-list
x_refsource_MLIST
[axis-java-dev] 20210312 Re: xmlbeans 2.6.0 and CVE-2021-23926
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20210628 [SECURITY] [DLA 2693-1] xmlbeans security update
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210513-0004/
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2022.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now