MicroMathematics version before commit 5c05ac8 contains a...
Critical severity
Unreviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Dec 20, 2018
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Feb 2, 2023
MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted SMathStudio files. This vulnerability appears to have been fixed in after commit 5c05ac8.
References