Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24783 | 1 Apache | 1 Cocoon | 2025-07-15 | N/A | 7.5 HIGH |
|
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon.
This issue affects Apache Cocoon: all versions.
When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have h ...
Show More |
|||||
| CVE-2003-1172 | 1 Apache | 1 Cocoon | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2023-49733 | 1 Apache | 1 Cocoon | 2025-02-13 | N/A | 9.8 CRITICAL |
|
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.
Users are recommended to upgrade to version 2.3.0, which fixes the issue.
|
|||||
| CVE-2022-45135 | 1 Apache | 1 Cocoon | 2025-02-13 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.
Users are recommended to upgrade to version 2.3.0, which fixes the issue.
|
|||||
| CVE-2020-11991 | 1 Apache | 1 Cocoon | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
|
|||||