Advisory ID:

NFLX-2015-001

Advisory Title:

External Entity Injection (XXE) in recipes-rss open-source application

Author:

Scott Behrens / sbehrens@netflix.com

Release Date:

02/22/2015

Application:

recipes-rss

Source:

https://github.com/Netflix/recipes-rss

Severity:

High

Overview:

An XML external entity injection (XXE) vulnerability was discovered in the Netflix recipes-rss open-source application. An attacker that exploits this attack may use it to read arbitrary files or AWS meta-data from the underlying web server.

Patch:

Netflix/recipes-rss#13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nflx-2015-001.md

nflx-2015-001.md

Advisory ID:

Advisory Title:

Author:

Release Date:

Application:

Source:

Severity:

Overview:

Patch:

Files

nflx-2015-001.md

Latest commit

History

nflx-2015-001.md

File metadata and controls

Advisory ID:

Advisory Title:

Author:

Release Date:

Application:

Source:

Severity:

Overview:

Patch: