CVE-2014-0171

Publication date

2015-01-15 15:00:00

Family

redhat

State

PUBLISHED

Description

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.