Description
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
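The safe, non-default configuration the description refers to can be set per `SAXReader` instance. The following is an added example, not code from this advisory or from the dom4j project; the class and method names are hypothetical, the sample documents are constructed, and the `disallow-doctype-decl` feature assumes a Xerces-based parser such as the one bundled with the JDK.

```java
import java.io.StringReader;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

// Hypothetical class name; illustrates hardening a dom4j SAXReader against XXE.
public class SafeDom4jReader {

    /** Builds a SAXReader that rejects DOCTYPE declarations and external entities. */
    static SAXReader hardenedReader() throws SAXException {
        SAXReader reader = new SAXReader();
        // Refuse any document that carries a DOCTYPE (Xerces-specific feature, assumed available).
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for cases where DOCTYPE has to be allowed later:
        // never resolve external general or parameter entities.
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return reader;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one plain document, one with an inline DOCTYPE.
        String plain = "<order><id>42</id></order>";
        String withDtd = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE order [<!ENTITY note \"internal\">]>\n"
                + "<order>&note;</order>";

        SAXReader reader = hardenedReader();

        Document doc = reader.read(new StringReader(plain));
        System.out.println("parsed root element: " + doc.getRootElement().getName());

        try {
            reader.read(new StringReader(withDtd));
            System.out.println("UNEXPECTED: document with DOCTYPE was accepted");
        } catch (DocumentException e) {
            // The parser error is wrapped by dom4j in a DocumentException.
            System.out.println("rejected document with DOCTYPE: " + e.getMessage());
        }
    }
}
```

On releases the table marks as `needed` or `ignored`, applying these features at every place the application constructs a `SAXReader` is the available mitigation until a fixed package is installed.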
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 2.1.3-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | not-affected | 2.1.3-1 |
| esm-apps/noble | not-affected | 2.1.3-1 |
| esm-apps/xenial | released | 1.6.1+dfsg.3-2ubuntu1.1 |
| esm-infra-legacy/trusty | needs-triage | |
| focal | ignored | end of standard support, was needed |
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...
dom4j allows External Entities by default which might enable XXE attacks