{"id":"CVE-2016-15011","details":"A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The identifier of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability.","aliases":["GHSA-77cc-w3wm-6whp"],"modified":"2026-04-11T03:43:34.313613Z","published":"2023-01-06T10:15:09.997Z","references":[{"type":"ADVISORY","url":"https://github.com/e-Contract/dssp/releases/tag/dssp-1.3.2"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.217549"},{"type":"REPORT","url":"https://vuldb.com/?id.217549"},{"type":"FIX","url":"https://github.com/e-Contract/dssp/commit/ec4238349691ec66dd30b416ec6eaab02d722302"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/e-Contract/dssp","events":[{"introduced":"0"},{"fixed":"001ef99b0c8194468de960d007e2d82dcebc3bca"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.3.2"}]}},{"type":"GIT","repo":"https://github.com/e-contract/dssp","events":[{"introduced":"0"},{"fixed":"ec4238349691ec66dd30b416ec6eaab02d722302"},{"fixed":"001ef99b0c8194468de960d007e2d82dcebc3bca"}]}],"versions":["dssp-1.2.1","dssp-1.2.2","dssp-1.2.3","dssp-1.2.4","dssp-1.2.5","dssp-1.2.6","dssp-1.3.0","dssp-1.3.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","id":"CVE-2016-15011-929806e0","deprecated":false,"source":"https://github.com/e-contract/dssp/commit/ec4238349691ec66dd30b416ec6eaab02d722302","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["18066036635502801806677364178756254862","88369412895184753394283011451803187548","50848458948504730426650075084385046530","91284993680127737564993618090545145416","30779278950355321333621475605602830830","122421578121241373365155348152646941523","267652210589392654099845994262755826062","334808111126213430220547654602188383660","234389204524678077984531197469034242690","152880517379272209571165325006789878786","299871312446227378724863519270618301341","157634544376100154879962283397081738110","103663099829328578689797223848801574827","158563421165358858389893196995983570762","315965584007238676040631750953088200664"]},"target":{"file":"dssp-client/src/main/java/be/e_contract/dssp/client/metadata/DigitalSignatureServiceMetadata.java"}},{"signature_type":"Line","id":"CVE-2016-15011-bd561b7b","deprecated":false,"source":"https://github.com/e-contract/dssp/commit/ec4238349691ec66dd30b416ec6eaab02d722302","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["6674387965125354881111149989428882853","100741820504985357262218153349452233434","253366101641995550384755812786879052342","245037096886845520996519599411616661529","158852189579109359359946013476030639584","298614597347537877121532413760030558894","180181956682520524395173299138562004562","146502839243717526526406585366671557144","244996413515733361838850122849344525825","166554563875570093109470347687697544350","9427977046515615106319032886256396870","279044285883194738631442483325879094037","295198785562376785392477306514392217432","44714085523243422643465698936438435501","267608316591780380179772018605253867646","182074437577114148436758739432546664545","87621961972550109442760282702331746920","64897152403082006856773989396486955494","184138636401118235309885205539354874180","62633257528035095954429323509732904426"]},"target":{"file":"dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java"}},{"signature_type":"Function","id":"CVE-2016-15011-d557e328","deprecated":false,"source":"https://github.com/e-contract/dssp/commit/ec4238349691ec66dd30b416ec6eaab02d722302","signature_version":"v1","digest":{"length":1591,"function_hash":"259495117689681377355427521574538727644"},"target":{"file":"dssp-client/src/main/java/be/e_contract/dssp/client/metadata/DigitalSignatureServiceMetadata.java","function":"DigitalSignatureServiceMetadata"}},{"signature_type":"Function","id":"CVE-2016-15011-fcf07dd1","deprecated":false,"source":"https://github.com/e-contract/dssp/commit/ec4238349691ec66dd30b416ec6eaab02d722302","signature_version":"v1","digest":{"length":4302,"function_hash":"249451297539985081987952306682300702892"},"target":{"file":"dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java","function":"checkSignResponse"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-15011.json","vanir_signatures_modified":"2026-04-11T03:43:34Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}