This page lists publicly disclosed CVE vulnerabilities affecting apache cocoon (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-24783 | ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have h | [email protected] | 7.5 | 0.71% | 2025-01-27 | 2025-07-15 |
| CVE-2023-49733 | Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | [email protected] | 9.8 | 1.29% | 2023-11-30 | 2025-02-13 |
| CVE-2022-45135 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | [email protected] | 9.8 | 1.10% | 2023-11-30 | 2025-02-13 |
| CVE-2020-11991 | When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. | [email protected] | 7.5 | 73.08% | 2020-09-11 | 2024-11-21 |
| CVE-2003-1172 | Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. | [email protected] | 5.0 | 30.82% | 2003-12-31 | 2026-06-16 |