Apache Ivy Injection Flaw Let Attackers Exfiltrate Sensitive Data

22 August 2023

A blind XPath injection vulnerability was discovered in Apache Software Foundation Apache Ivy, which allows threat actors to exfiltrate data and access sensitive information that is restricted to only the machine that runs Apache Ivy. This vulnerability exists in the parsing of XML files in versions lesser than 2.5.2 while parsing its own configuration, Maven POMs (Project Object Models), which allows external document downloading and expansion of any entity references.

Source: GBHackers

Date:

22 August 2023

Categorie(s):

NEWS

Tag(s):

Apache, Attackers, Cyber Security News, Flaws, Injections

Good Security Is About Iteration, Not Perfection.28 April 2024
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 202428 April 2024
Security budgets are growing, but so is vendor sprawl27 April 2024
The Top 5 Benefits Of Using Outsourcing Services27 April 2024
How To Repair PST Files In Under 5 Minutes Like A Pro27 April 2024