3 matches found
CVE-2022-41967
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity XXE attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML SNAPSHOT versions are being resolved...
CVE-2022-41967 Improper Restriction of XML External Entity Reference in Dragonfly
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity XXE attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML SNAPSHOT versions are being resolved...
CVE-2022-41967 Improper Restriction of XML External Entity Reference in Dragonfly
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity XXE attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML SNAPSHOT versions are being resolved...