CNNVD-202601-881 Information

CNNVD ID

CNNVD-202601-881

CVE-2025-68280

  • CNNVD Published: 2026-01-05

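Description (translated from Chinese)

Apache SIS is an open-source spatial information library from the Apache Foundation. Apache SIS versions 0.4 through 1.5 contain a security vulnerability caused by improper restriction of XML external entity references, which may allow local files on the server to be read.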

Description (English)

Apache SIS is an open-source spatial information library of the Apache Foundation. Apache SIS versions 0.4 through 1.5 contain a security vulnerability that stems from improper restriction of XML external entity references and may lead to reading of the server's local files.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Apache

Published

2026-01-05

Last Modified

2026-02-24

References

  • https://lists.apache.org/thread/s4ggy3zbtrrn93glgo2vn52lgcxk4bp4
  • http://www.openwall.com/lists/oss-security/2026/01/05/11
  • http://www.openwall.com/lists/oss-security/2026/01/05/7
  • https://access.redhat.com/security/cve/cve-2025-68280

Patch

https://sis.apache.org/downloads.html
