1. Home
  2. CVE Database
  3. CVE-2021-23901
CRITICAL · 9.1

CVE-2021-23901

An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web sec...

Vulnerability Description

An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
ApacheNutch< 1.18
NetappSnap Creator Framework-

Related Weaknesses (CWE)

CWE-611

References

FAQ

What is CVE-2021-23901?

CVE-2021-23901 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web sec...

How severe is CVE-2021-23901?

CVE-2021-23901 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-23901?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Nutch, Netapp Snap Creator Framework.