Peergos WebDav Servlet XML External Entity Injection Vulnerability

Vulnerability

A vulnerability allowing XML External Entity (XXE) injection has been identified in the WebDav servlet of Peergos, affecting versions through 1.1.0. The issue arises from improper handling of XML external entity references in the 'getDocumentBuilder()' method, which could be exploited to manipulate XML data processing.

Impact

Exploitation of this vulnerability could lead to XXE injection, allowing attackers to interfere with the application's XML processing. This could result in the application disclosing internal files or potentially executing arbitrary code, depending on the application's environment and how it handles the extracted data.

Remediation

The vulnerability has been addressed in the official Peergos repository. Users should update to the latest version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.