{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-19T16:17:44.717","vulnerabilities":[{"cve":{"id":"CVE-2020-11991","sourceIdentifier":"security@apache.org","published":"2020-09-11T14:15:11.160","lastModified":"2026-06-17T02:51:12.500","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system."},{"lang":"es","value":"Cuando se usa StreamGenerator, el código analiza un XML proporcionado por el usuario. Se podría usar un XML especialmente diseñado, incluyendo las entidades de sistema externas, podría ser usado para acceder a cualquier archivo en el sistema del servidor"}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"n/a","product":"Apache Cocoon","versions":[{"version":"Apache Cocoon 2.1.0 to 2.1.12","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cocoon:*:*:*:*:*:*:*:*","versionStartIncluding":"2.1","versionEndIncluding":"2.1.12","matchCriteriaId":"566C3048-B9BC-4F9E-A0F0-D354E431AE4C"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E","source":"security@apache.org","tags":["Exploit","Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Vendor Advisory"]}]}}]}