LabKey Server 19.1.0 - XML External Entity (XXE)

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 21 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.

