Vulnerabilities > Apache > Commons Jelly

DATE CVE VULNERABILITY TITLE RISK
2017-09-28 CVE-2017-12621 XXE vulnerability in Apache Commons Jelly 1.0
During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL.
network
low complexity
apache CWE-611
critical
9.8