This advisory has been withdrawn because the underlying vulnerability could not be reproduced. This link is maintained to preserve external references.
An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.
CPE | Name | Operator | Version |
---|---|---|---|
org.dom4j:dom4j | le | 2.1.4 |
dom4j.github.io/
github.com/advisories/GHSA-fgq9-fc3q-vqmw
github.com/dom4j/dom4j/issues/171#issuecomment-1781547256
github.com/joker-xiaoyan/XXE-SAXReader/blob/8c0d24f9800c36c8ad36457c1df1e4aaff24c7b9/POC.java
github.com/joker-xiaoyan/XXE-SAXReader/issues/1
github.com/joker-xiaoyan/XXE-SAXReader/tree/main
nvd.nist.gov/vuln/detail/CVE-2023-45960