GHSA-fgq9-fc3q-vqmw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fgq9-fc3q-vqmw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-fgq9-fc3q-vqmw/GHSA-fgq9-fc3q-vqmw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fgq9-fc3q-vqmw
- Withdrawn
- 2023-10-31T20:21:23Z
- Published
- 2023-10-25T18:32:23Z
- Modified
- 2024-11-30T05:34:52.582499Z
- Summary
- Withdrawn Advisory: dom4j XML Entity Expansion vulnerability
- Details
-
Withdrawn Advisory
This advisory has been withdrawn because the underlying vulnerability could not be reproduced. This link is maintained to preserve external references.
Original Description
An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.
- Database specific
{ "nvd_published_at": "2023-10-25T18:17:35Z", "cwe_ids": [ "CWE-776" ], "github_reviewed_at": "2023-10-27T19:50:41Z", "severity": "MODERATE", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-45960
- https://github.com/dom4j/dom4j/issues/171#issuecomment-1781547256
- https://github.com/joker-xiaoyan/XXE-SAXReader/issues/1
- https://dom4j.github.io
- https://github.com/dom4j/dom4j
- https://github.com/joker-xiaoyan/XXE-SAXReader/blob/8c0d24f9800c36c8ad36457c1df1e4aaff24c7b9/POC.java
- https://github.com/joker-xiaoyan/XXE-SAXReader/tree/main
Affected packages
Maven / org.dom4j:dom4j
Package
- Name
- org.dom4j:dom4j
- View open source insights on deps.dev
- Purl
- pkg:maven/org.dom4j/dom4j