First published: Mon Jan 25 2021(Updated: )
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Nutch | <1.18 | |
NetApp Snap Creator Framework |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-23901 is an XML external entity (XXE) injection vulnerability in Nutch DmozParser.
CVE-2021-23901 affects Nutch versions prior to 1.18.
XML external entity (XXE) injection vulnerability is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data.
CVE-2021-23901 has a severity rating of 9.1 (Critical).
To fix CVE-2021-23901, update Nutch to version 1.18 or higher.