PT-2017-12606 · Apache · Apache Commons Jelly +1

Name of the Vulnerable Software and Affected Versions: Apache Commons Jelly versions prior to 1.0.1 Description: The issue arises during Jelly xml file parsing with Apache Xerces. If a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the...