Bug 2246435 (CVE-2023-45960) - CVE-2023-45960 dom4j: XML External Entity on SAXReader
Summary: CVE-2023-45960 dom4j: XML External Entity on SAXReader
Keywords:
Status: NEW
Alias: CVE-2023-45960
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2246430
TreeView+ depends on / blocked
 
Reported: 2023-10-26 19:53 UTC by Patrick Del Bello
Modified: 2024-02-01 03:42 UTC (History)
56 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
An issue was found in org.dom4j that may allow a remote attacker to obtain sensitive information via the setFeature function. This CVE is currently disputed by the maintainers.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Patrick Del Bello 2023-10-26 19:53:32 UTC
An issue in dom4.j org.dom4j.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.
https://github.com/advisories/GHSA-fgq9-fc3q-vqmw


Note You need to log in before you can comment on or make changes to this bug.