CVE-2019-20104

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
Configurations

Configuration 1

cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*

Information

Published : 2020-02-06 03:15

Updated : 2022-01-01 07:56


NVD link : CVE-2019-20104

Mitre link : CVE-2019-20104

Products Affected
No products.
CWE
CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')