Search for packages
| purl | pkg:maven/org.apache.cocoon/cocoon-core@2.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-485r-cgnv-8ygt
Aliases: CVE-2023-49733 GHSA-77jg-cpw9-73vg |
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-e9gp-a2f2-kfdx
Aliases: CVE-2022-45135 GHSA-8v4w-jr33-4rh3 |
Apache Cocoon SQL Injection vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-gven-bm92-qkam | Improper Restriction of XML External Entity Reference When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. |
CVE-2020-11991
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T16:20:24.690883+00:00 | GitLab Importer | Fixing | VCID-gven-bm92-qkam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cocoon/cocoon-core/CVE-2020-11991.yml | 38.6.0 |
| 2026-06-02T04:46:28.961050+00:00 | GitLab Importer | Affected by | VCID-e9gp-a2f2-kfdx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cocoon/cocoon-core/CVE-2022-45135.yml | 38.6.0 |
| 2026-06-02T04:46:27.855514+00:00 | GitLab Importer | Affected by | VCID-485r-cgnv-8ygt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cocoon/cocoon-core/CVE-2023-49733.yml | 38.6.0 |