3 matches found
SUSE CVE-2026-40682
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the SAX parse. An attacker can access sensitive information by submitting XML input referencing external entities. Details XXE Injection is a type of attack against an application that parses XML...
PT-2018-8384 · Red Hat · Jboss Eap
Name of the Vulnerable Software and Affected Versions: JBoss EAP version 7.0 Description: The JAXP implementation used for SAX and DOM parsing in JBoss EAP is susceptible to certain XXE flaws. This could allow an attacker to cause a denial of service, server-side request forgery, or information...