CVE-2025-53689— Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons

Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

N/A

XML外部实体引用的不恰当限制(XXE)

Apache Jackrabbit 安全漏洞

Apache Jackrabbit是美国阿帕奇（Apache）公司的一个内容存储库。 Apache Jackrabbit 2.23.2之前版本存在安全漏洞，该漏洞源于jackrabbit-spi-commons和jackrabbit-core存在盲XXE漏洞。

N/A

N/A