Common Weakness Enumeration

CWE-610

Discouraged

Externally Controlled Reference to a Resource in Another Sphere

Abstraction: Class · Status: Draft

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

278 vulnerabilities reference this CWE, most recent first.

GHSA-5PMW-CMP3-G6WX

Vulnerability from github – Published: 2025-12-30 15:30 – Updated: 2025-12-30 15:30
VLAI
Details

A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: "Okay, we'll handle it as soon as possible."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-30T14:15:53Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The manipulation results in xml external entity reference. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The project owner replied to the issue report: \"Okay, we\u0027ll handle it as soon as possible.\"",
  "id": "GHSA-5pmw-cmp3-g6wx",
  "modified": "2025-12-30T15:30:37Z",
  "published": "2025-12-30T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15251"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/beecue/fastbee/issues/ID7HNZ"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/beecue/fastbee/issues/ID7HNZ#note_47777408_link"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.338641"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.338641"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5QH3-HXX9-W26P

Vulnerability from github – Published: 2026-06-24 15:31 – Updated: 2026-06-24 18:32
VLAI
Details

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T14:17:36Z",
    "severity": "HIGH"
  },
  "details": "Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.",
  "id": "GHSA-5qh3-hxx9-w26p",
  "modified": "2026-06-24T18:32:39Z",
  "published": "2026-06-24T15:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57301"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3649"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5RFV-XR3J-466J

Vulnerability from github – Published: 2023-01-05 21:30 – Updated: 2023-01-12 03:30
VLAI
Details

A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-125044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-05T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515.",
  "id": "GHSA-5rfv-xr3j-466j",
  "modified": "2023-01-12T03:30:15Z",
  "published": "2023-01-05T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125044"
    },
    {
      "type": "WEB",
      "url": "https://github.com/soshtolsus/wing-tight/commit/567bc33e6ed82b0d0179c9add707ac2b257aeaf2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/soshtolsus/wing-tight/releases/tag/1.0.0"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.217515"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.217515"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5V8C-888F-WWXG

Vulnerability from github – Published: 2025-10-06 18:31 – Updated: 2025-10-06 18:31
VLAI
Details

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-06T17:16:04Z",
    "severity": "MODERATE"
  },
  "details": "A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo\u0026style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.",
  "id": "GHSA-5v8c-888f-wwxg",
  "modified": "2025-10-06T18:31:06Z",
  "published": "2025-10-06T18:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11341"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rookie1006/CVE/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.327226"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.327226"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.664613"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5W25-5HHF-992C

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2022-05-24 16:57
VLAI
Details

In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115384617

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-27T19:15:00Z",
    "severity": "LOW"
  },
  "details": "In the Activity Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of current foreground process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115384617",
  "id": "GHSA-5w25-5hhf-992c",
  "modified": "2022-05-24T16:57:20Z",
  "published": "2022-05-24T16:57:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9292"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-682J-2P53-XP5F

Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-12-16 19:48
VLAI
Summary
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Details

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed.

It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.13 restricts execution of the agent/controller message to agents.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.compuware.jenkins:compuware-scm-downloader"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-43423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-693"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-19T22:01:36Z",
    "nvd_published_at": "2022-10-19T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed.\n\nIt allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.\n\nThis vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).\n\nBMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.13 restricts execution of the agent/controller message to agents.",
  "id": "GHSA-682j-2p53-xp5f",
  "modified": "2022-12-16T19:48:51Z",
  "published": "2022-10-19T19:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43423"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/compuware-scm-downloader-plugin/commit/115f057078baad506e2b34b74f4f0600f81990b3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/compuware-scm-downloader-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin"
}

GHSA-69P6-GP5X-J269

Vulnerability from github – Published: 2024-07-25 21:31 – Updated: 2024-11-18 16:26
VLAI
Summary
snapd failed to properly check the destination of symbolic links when extracting a snap
Details

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/snapcore/snapd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.62"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-29069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-26T16:39:29Z",
    "nvd_published_at": "2024-07-25T20:15:04Z",
    "severity": "LOW"
  },
  "details": "In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.",
  "id": "GHSA-69p6-gp5x-j269",
  "modified": "2024-11-18T16:26:55Z",
  "published": "2024-07-25T21:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29069"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snapcore/snapd/pull/13682"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/snapcore/snapd"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-3009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "snapd failed to properly check the destination of symbolic links when extracting a snap"
}

GHSA-6CQX-9V42-Q8F8

Vulnerability from github – Published: 2023-09-05 18:30 – Updated: 2024-04-04 07:29
VLAI
Details

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32615"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-05T17:15:08Z",
    "severity": "HIGH"
  },
  "details": "A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.",
  "id": "GHSA-6cqx-9v42-q8f8",
  "modified": "2024-04-04T07:29:10Z",
  "published": "2023-09-05T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32615"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6M27-7CQJ-2MXW

Vulnerability from github – Published: 2022-05-14 01:00 – Updated: 2023-07-26 21:43
VLAI
Summary
Shopware XXE Vulnerability
Details

Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/shopware"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-18357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-610"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-26T21:43:32Z",
    "nvd_published_at": "2019-01-15T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.",
  "id": "GHSA-6m27-7cqj-2mxw",
  "modified": "2023-07-26T21:43:32Z",
  "published": "2022-05-14T01:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18357"
    },
    {
      "type": "WEB",
      "url": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe"
    },
    {
      "type": "WEB",
      "url": "https://demo.ripstech.com/projects/shopware_5.3.3"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152995/Shopware-createInstanceFromNamedArguments-PHP-Object-Instantiation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Shopware XXE Vulnerability"
}

GHSA-6MQQ-RW6C-7747

Vulnerability from github – Published: 2022-03-01 00:00 – Updated: 2022-03-17 00:04
VLAI
Details

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0377"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327",
      "CWE-610",
      "CWE-73"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-28T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a \"POST\" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.",
  "id": "GHSA-6mqq-rw6c-7747",
  "modified": "2022-03-17T00:04:53Z",
  "published": "2022-03-01T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0377"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf"
    },
    {
      "type": "WEB",
      "url": "https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-219: XML Routing Detour Attacks

An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.