{"url":"http://public2.vulnerablecode.io/api/packages/78624?format=json","purl":"pkg:maven/org.apache.cocoon/cocoon@2.1","type":"maven","namespace":"org.apache.cocoon","name":"cocoon","version":"2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.3.0","latest_non_vulnerable_version":"2.3.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53568?format=json","vulnerability_id":"VCID-gven-bm92-qkam","summary":"Improper Restriction of XML External Entity Reference\nWhen using the StreamGenerator, the code parses user-provided XML. A specially crafted XML document that includes external system entities could be used to access any file on the server system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11991","reference_id":"","reference_type":"","scores":[{"value":"0.93142","scoring_system":"epss","scoring_elements":"0.99801","published_at":"2026-06-04T12:55:00Z"},{"value":"0.93142","scoring_system":"epss","scoring_elements":"0.99802","published_at":"2026-06-07T12:55:00Z"},{"value":"0.93142","scoring_system":"epss","scoring_elements":"0.99803","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11991"},{"reference_url":"https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11991","reference_id":"CVE-2020-11991","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11991"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78626?format=json","purl":"pkg:maven/org.apache.cocoon/cocoon@2.1.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"htt
p://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cocoon/cocoon@2.1.13"}],"aliases":["CVE-2020-11991"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gven-bm92-qkam"}],"fixing_vulnerabilities":[],"risk_score":"1.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cocoon/cocoon@2.1"}