{"id":"CVE-2019-13031","details":"LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a \"deny all\" rule.","modified":"2026-04-10T04:14:35.963360Z","published":"2019-06-28T23:15:09.297Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00003.html"},{"type":"REPORT","url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1820"},{"type":"ARTICLE","url":"https://www.calypt.com/blog/index.php/cve-2019-13031-xxe-on-lemonldapng-2-0-5/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng","events":[{"introduced":"0"},{"fixed":"d183cbcb59c5e32d0eb142da434a5e13cb3367fe"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.9.20"}]}}],"versions":["v1.9.14","v1.9.15","v1.9.18","v1.9.19"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13031.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}