ROOT-APP-MAVEN-CVE-2026-24400 CVE-2026-24400 in io.root.org.assertj:assertj-core - Patched by Root

Root has patched CVE-2026-24400 in the io.root.org.assertj:assertj-core package for Root:Maven. Multiple fixed versions available...

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)

Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)

Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...

Security Bulletin: MongoDB Enterprised Advanced affected by: XML External Entity (XXE) vulnerability (CVE-2026-24400)

Summary There are vulnerabilities in assertj-core-3.27.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24400. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-24400 DESCRIPTION: AssertJ provides Fluent testing assertions for Java and the Java Virtu...

Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - IoT Component uses assertj-core-3.27.6.jar, minimatch-3.1.2.tgz, flask-3.1.2-py3-none-any.whl and werkzeug-3.1.5-py3-none-any.whl third party dependencies which is vulnerable to CVE-2026-24400, CVE-2026-26996, CVE-2026-27205 and CVE-2026-27199. This bulletin...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in AssertJ (CVE-2026-24400)

Summary A vulnerability in AssertJ that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-24400 DESCRIPTION: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an X...

SUSE: Security Advisory (SUSE-SU-2026:20604-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1449)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1449 advisory. AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in...

Amazon Linux 2023 : assertj-core, assertj-core-javadoc (ALAS2023-2026-1448)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1448 advisory. AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in...

openSUSE 16 Security Update : assertj-core (openSUSE-SU-2026:20298-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20298-1 advisory. Upgrade to version 3.27.7: - CVE-2026-24400: Fix XXE vulnerability in isXmlEqualTo assertion bsc1257293. Tenable has extracted the preceding description...

SUSE SLES16 Security Update : assertj-core (SUSE-SU-2026:20604-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20604-1 advisory. Upgrade to version 3.27.7: - CVE-2026-24400: Fix XXE vulnerability in isXmlEqualTo assertion bsc1257293. Tenable has extracted the precedin...

Medium: javapackages-bootstrap

Issue Overview: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method...

Security update for assertj-core (moderate)

openSUSE security update: security update for assertj-core ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20298-1 Rating: moderate References: bsc1257293 Cross-References: CVE-2026-24400 CVSS scores: CVE-2026-24400 SUSE : 6.1...

Medium: assertj-core

Issue Overview: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method...

SUSE-SU-2026:20604-1 Security update for assertj-core

This update for assertj-core fixes the following issues: Upgrade to version 3.27.7: - CVE-2026-24400: Fix XXE vulnerability in isXmlEqualTo assertion bsc1257293...

OPENSUSE-SU-2026:20298-1 Security update for assertj-core

This update for assertj-core fixes the following issues: Upgrade to version 3.27.7: - CVE-2026-24400: Fix XXE vulnerability in isXmlEqualTo assertion bsc1257293...

Security Bulletin: Vulnerability assertj-core, spring-security-crypto, werkzeug, urllib, libsodium, jersey-client, log4j, dmidecode-dmidecode, and aide affect IBM Cloud Object Storage Systems (FEB 2026)

Summary Vulnerability with assertj-core-3.27.3 CVE-2026-24400 , spring-security-crypto-6.4.4 CVE-2025-22234 , werkzeug-3.1.3-py3 CVE-2026-21860,CVE-2025-66221 , urllib3-2.5.0-py3CVE-2025-66418,CVE-2025-66471, CVE-2026-21441 , libsodiumCVE-2025-69277 jersey-client-2.25.1CVE-2025-12383 ,...

XML External Entity (XXE)

org.assertj, assertj-core is vulnerable to XML External Entity XXE. The vulnerability is due to the DocumentBuilderFactory in org.assertj.core.util.xml.XmlStringPrettyFormatter.toXmlDocumentString being initialized with default settings without disabling DTDs or external entities, which allows an...

openSUSE Security Advisory (SUSE-SU-2026:0344-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : assertj-core (SUSE-SU-2026:0344-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0344-1 advisory. Upgrade to version 3.27.7: - CVE-2026-24400: Fix XXE vulnerability in isXmlEqualTo assertion bsc1257293. Tenable has extracted the preceding description bloc...