CVE-2020-10683

Опубликовано: 15 апр. 2020

Источник: redhat

CVSS3: 7.4

EPSS Низкий

Описание

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Отчет

OpenShift Container Platform ships a vulnerable version of dom4j library. However it's used to parse configuration files, which are local disk resources. We've rated this issue with a moderate impact for OpenShift Container Platform.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat BPM Suite 6	dom4j	Out of support scope
Red Hat Enterprise Linux 7	dom4j	Affected
Red Hat JBoss BRMS 5	dom4j	Out of support scope
Red Hat JBoss BRMS 6	dom4j	Out of support scope
Red Hat JBoss Data Grid 7	dom4j	Not affected
Red Hat JBoss Data Virtualization 6	dom4j	Out of support scope
Red Hat JBoss Enterprise Application Platform 5	dom4j	Out of support scope
Red Hat JBoss Enterprise Application Platform 6	dom4j	Out of support scope
Red Hat JBoss Enterprise Web Server 2	dom4j	Out of support scope
Red Hat JBoss Enterprise Web Server 3	dom4j	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-611

https://bugzilla.redhat.com/show_bug.cgi?id=1694235dom4j: XML External Entity vulnerability in default SAX parser

EPSS

Процентиль: 92%

0.07684

Низкий

7.4 High

CVSS3

Связанные уязвимости

CVE-2020-10683

CVSS3: 9.8

ubuntu

почти 6 лет назад

CVE-2020-10683

CVSS3: 9.8

nvd

почти 6 лет назад

CVE-2020-10683

CVSS3: 9.8

debian

почти 6 лет назад

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...

openSUSE-SU-2020:0719-1

suse-cvrf

больше 5 лет назад

Security update for dom4j

GHSA-hwj3-m3p6-hj38

CVSS3: 9.8

github

больше 5 лет назад

dom4j allows External Entities by default which might enable XXE attacks

EPSS

Процентиль: 92%

0.07684

Низкий

7.4 High

CVSS3