An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which “can be safe in one case and unsafe in another.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | dom4j | <= 2.1.3-2 | dom4j_2.1.3-2_all.deb |
Debian | 11 | all | dom4j | <= 2.1.3-1 | dom4j_2.1.3-1_all.deb |
Debian | 10 | all | dom4j | <= 2.1.1-2 | dom4j_2.1.1-2_all.deb |
Debian | 999 | all | dom4j | <= 2.1.3-2 | dom4j_2.1.3-2_all.deb |