{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T23:14:20.771","vulnerabilities":[{"cve":{"id":"CVE-2023-41034","sourceIdentifier":"security-advisories@github.com","published":"2023-08-31T18:15:09.020","lastModified":"2024-11-21T08:20:25.577","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files (e.g. if they let external users provide their own model), in that case they MUST upgrade to fixed version. If you parse only trusted DDF file and validate only with trusted xml schema, upgrading is not mandatory.  This issue has been fixed in versions 1.5.0 and 2.0.0-M13. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Eclipse Leshan es una implementación Java de servidor y cliente de gestión de dispositivos. En las versiones afectadas, 'DDFFileParser' y 'DefaultDDFFileValidator' (y por lo tanto 'ObjectLoader') son vulnerables a 'XXE Attacks'. Un archivo DDF es un formato LWM2M utilizado para almacenar la descripción de objetos LWM2M. Los usuarios de Leshan se ven afectados solo si analizan archivos DDF no confiables (p. ej., si permiten que usuarios externos proporcionen su propio modelo), en ese caso DEBEN actualizar a la versión corregida. Si solo analiza archivos DDF confiables y valida solo con esquemas XML confiables, la actualización no es obligatoria. Este problema se ha corregido en las versiones 1.5.0 y 2.0.0-M13. Se aconseja a los usuarios que actualicen. No se conocen soluciones alternativas para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.0","matchCriteriaId":"0BAB8220-65D9-49C4-A405-E467D18DA48B"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"A9CD995F-4DDF-4E8A-BCF9-B70128AC91A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone10:*:*:*:*:*:*","matchCriteriaId":"966926A3-EF5B-4478-A78E-37D664221ECB"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone11:*:*:*:*:*:*","matchCriteriaId":"C22BE585-DC78-4483-B7CF-C9315873C913"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone12:*:*:*:*:*:*","matchCriteriaId":"92268218-018E-4924-A2CF-2D2DB4D36F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"A4055FDA-E535-4675-B6D3-812D7A3E9C1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"A700BAD9-5289-49DB-9B9E-E7710522086E"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"7CE7B0A5-CF9B-469F-9DB6-4CCEB0F36269"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"E7E15E8A-B316-4CD5-9330-14F6A7E2C69C"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"FFD798EF-A5BD-4E21-ABA4-F3AD00E9E7C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"93448A3D-67AB-474C-AEFA-ABBD7DD7B9E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"B52ECC69-1524-4581-88AE-4CE7DC47DC33"},{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:leshan:2.0.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"2254C713-BE7F-40D7-BDF3-901C03406FA7"}]}]}],"references":[{"url":"https://github.com/eclipse-leshan/leshan/commit/29577d2879ba8e7674c3b216a7f01193fc7ae013","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/eclipse-leshan/leshan/commit/4d3e63ac271a817f81fba3e3229c519af7a3049c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/eclipse-leshan/leshan/security/advisories/GHSA-wc9j-gc65-3cm7","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/eclipse-leshan/leshan/wiki/Adding-new-objects#the-lwm2m-model","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing","source":"security-advisories@github.com","tags":["Not Applicable"]},{"url":"https://github.com/eclipse-leshan/leshan/commit/29577d2879ba8e7674c3b216a7f01193fc7ae013","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/eclipse-leshan/leshan/commit/4d3e63ac271a817f81fba3e3229c519af7a3049c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/eclipse-leshan/leshan/security/advisories/GHSA-wc9j-gc65-3cm7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/eclipse-leshan/leshan/wiki/Adding-new-objects#the-lwm2m-model","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]}]}}]}