An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

Affected Packages

Maven org.apache.any23:apache-any23

Affected versions: 0 (fixed in 2.5)

Related CVEs

CVE-2021-38555

Key Information

GHSA ID

GHSA-838r-hvwh-24h8

Published

September 13, 2021 8:06 PM

Last Modified

September 24, 2021 1:10 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.any23:apache-any23

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.