Why the supposedly fixed CVE-2020-36641 vulnerability is still exploitable—And what to do about it
Dynatrace
JANUARY 23, 2024
Figure 1: XML external entity inclusion attack via man-In-the-middle Another scenario would be an XML response containing a pointer to read the contents of a local file on the client’s machine as shown in Figure 2. Reporting this incident We contacted the repository owner of aXMLRPC and made them aware of our finding.
Let's personalize your content