← Back to CVE List

CVE-2023-38693

Published: 2025-03-05T16:15Z
Last Modified: 2025-03-05T16:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt