4 matches found
CVE-2026-24400
AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...
CVE-2026-24400
AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...
CVE-2026-24400
CVE-2026-24400 affects AssertJ: up to 3.27.7 contains an XXE risk in XmlStringPrettyFormatter.toXmlDocument(String) used by isXmlEqualTo(CharSequence) and xmlPrettyFormat(String). Versions before 3.27.7 are vulnerable if untrusted XML is processed, potentially enabling local file disclosure (file...
AssertJ code issue vulnerabilities
AssertJ is an open-source unit testing tool developed by AssertJ. In versions 1.4.0 to 3.27.7 of AssertJ, there were code vulnerabilities. These vulnerabilities stemmed from an XML external entity vulnerability in XmlStringPrettyFormatter, which could allow for the reading of arbitrary local file...