CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1010202

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1240%
EPSS Percentile12.47th
PublishedJul 23, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload a specially crafted xml file. The fixed version is: 4.0 and later.

Affected Platforms (CPE)

📦
Jeesite

Jeesite

= 1.2.7

References & Advisories

🔗 https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/service/ActProcessService.java
🔗 https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/service/ActProcessService.java

Related Vulnerabilities

CVE-2020-192299.8

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization v...

CVE-2019-10102016.5

Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByB...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...