2246435 – (CVE-2023-45960) CVE-2023-45960 dom4j: XML External Entity on SAXReader

Bug 2246435 (CVE-2023-45960) - CVE-2023-45960 dom4j: XML External Entity on SAXReader

Summary: CVE-2023-45960 dom4j: XML External Entity on SAXReader

Keywords:
Status:	NEW
Alias:	CVE-2023-45960
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2246430
TreeView+	depends on / blocked

Reported:	2023-10-26 19:53 UTC by Patrick Del Bello
Modified:	2024-02-01 03:42 UTC (History)
CC List:	56 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Patrick Del Bello 2023-10-26 19:53:32 UTC

An issue in dom4.j org.dom4j.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.
https://github.com/advisories/GHSA-fgq9-fc3q-vqmw

Note You need to log in before you can comment on or make changes to this bug.

aazores
aileenc
asoldano
ataylor
bbaranow
bmaxwell
boliveir
brian.stansberry
cdewolf
chazlett
chfoley
cmiranda
darran.lofthouse
dhanak
dkreling
dosoudil
drichtar
eaguilar
ebaron
fjuma
gmalinko
ibek
ivassile
iweiss
janstey
jkang
jpallich
jrokos
jross
jscholz
kverlaen
lgao
mnovotny
mosmerov
msochure
mstefank
msvehla
mulliken
nwallace
pcongius
pdelbell
pdrozd
peholase
pjindal
pmackay
pskopek
rguimara
rjohnson
rkieley
rowaters
rstancel
sfroberg
smaestri
sthorger
swoodman
tom.jenkinson