CVE-2017-15691

Priority
Description
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to
3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0,
Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML
external entity expansion (XXE) capability of various XML parsers. UIMA as
part of its configuration and operation may read XML from various sources,
which could be tainted in ways to cause inadvertent disclosure of local
files or other internal content.
Notes
Package
Source: uimaj (LP Ubuntu Debian)
Upstream:released (2.10.2-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):not-affected (2.10.2-1)
Ubuntu 19.10 (Eoan):not-affected (2.10.2-1)
More Information

Updated: 2019-10-18 02:31:55 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)