Vulnerability Details : CVE-2014-1626
XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2014-1626
- cpe:2.3:a:galen_charlton:marc-xml:*:*:*:*:*:*:*:*
- cpe:2.3:a:galen_charlton:marc-xml:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1626
- EPSS score: 0.24% (probability of exploitation activity in the next 30 days)
- Percentile: ~62% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-1626
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-1626
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1626
- http://www.securityfocus.com/bid/65057
  Perl 'MARC::File::XML' Module XML External Entity Information Disclosure Vulnerability
- http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html
  [OPEN-ILS-GENERAL] SECURITY release: MARC::File::XML 1.0.2
- http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html
  [Koha] SECURITY release: MARC::File::XML 1.0.2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90620
  MARC::File::XML module for Perl XML information disclosure CVE-2014-1626 Vulnerability Report
- http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html
  SECURITY release: MARC::File::XML 1.0.2 - nntp.perl.org
- https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes
  Changes - metacpan.org