{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77955?format=json","vulnerability_id":"VCID-5nmu-rws2-p7fg","summary":"The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.","aliases":[{"alias":"CVE-2015-3451"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4607?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0001%2Bdfsg-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0001%252Bdfsg-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4609?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0116%2Bdfsg-1%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0116%252Bdfsg-1%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/104539?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0116%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0116%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/5111?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0128%2Bdfsg-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0128%252Bdfsg-1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/104540?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0134%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dqx-gjdz-cug2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0134%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104538?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0207%2Bdfsg%2Breally%2B2.0134-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dqx-gjdz-cug2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0207%252Bdfsg%252Breally%252B2.0134-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104542?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0207%2Bdfsg%2Breally%2B2.0134-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7dqx-gjdz-cug2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0207%252Bdfsg%252Breally%252B2.0134-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104541?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0207%2Bdfsg%2Breally%2B2.0134-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0207%252Bdfsg%252Breally%252B2.0134-8%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4601?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@1.31-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@1.31-2"},{"url":"http://public2.vulnerablecode.io/api/packages/4602?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@1.58-0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@1.58-0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/4603?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@1.59-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@1.59-2"},{"url":"http://public2.vulnerablecode.io/api/packages/4604?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@1.66-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@1.66-1"},{"url":"http://public2.vulnerablecode.io/api/packages/4605?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@1.70.ds-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@1.70.ds-1"},{"url":"http://public2.vulnerablecode.io/api/packages/4606?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@1.70.ds-1%2Bdeb6u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@1.70.ds-1%252Bdeb6u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4607?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0001%2Bdfsg-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0001%252Bdfsg-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4608?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0116%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0116%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/4609?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0116%2Bdfsg-1%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0116%252Bdfsg-1%252Bdeb8u2"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3451.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3451.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3451","reference_id":"","reference_type":"","scores":[{"value":"0.03365","scoring_system":"epss","scoring_elements":"0.87573","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03365","scoring_system":"epss","scoring_elements":"0.87594","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03365","scoring_system":"epss","scoring_elements":"0.87592","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3451"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3451","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216112","reference_id":"1216112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783443","reference_id":"783443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783443"},{"reference_url":"https://usn.ubuntu.com/2592-1/","reference_id":"USN-2592-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2592-1/"}],"weaknesses":[{"cwe_id":611,"name":"Improper Restriction of XML External Entity Reference","description":"The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nmu-rws2-p7fg"}