Описание
An issue was found in org.dom4j that may allow a remote attacker to obtain sensitive information via the setFeature function. This CVE is currently disputed by the maintainers.
Отчет
This CVE was reported to Mitre via a third party in a discussion in their Github page and not from the maintainers of the org.dom4j package. They do not consider this a CVE on dom4j, as this may depend on how you are using setFeature methods and the underlying parser, which may be different from one scenario to another. For this reason, there is a reference in the External References section explaining that this CVE is currently being disputed. Therefore, the CVSS and Impact are 0 and None, respectively.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 2 | dom4j | Not affected | ||
| Migration Toolkit for Applications 6 | dom4j | Not affected | ||
| Migration Toolkit for Runtimes | dom4j | Not affected | ||
| Red Hat AMQ Broker 7 | dom4j | Not affected | ||
| Red Hat Data Grid 8 | dom4j | Not affected | ||
| Red Hat Decision Manager 7 | dom4j | Not affected | ||
| Red Hat Fuse 7 | dom4j | Not affected | ||
| Red Hat Integration Camel K 1 | dom4j | Not affected | ||
| Red Hat JBoss Data Grid 7 | dom4j | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | dom4j | Not affected |
Показывать по
Дополнительная информация
0 Low
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Withdrawn Advisory: dom4j XML Entity Expansion vulnerability
0 Low
CVSS3