2 matches found
CVE-2024-8602 XML Eternal Entity Attack in the Software Library taxstatement.jar
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE XML External Entity attack. Further information on this can be found on the website of the Open Worldwide Application Security Project OWASP. An attacker...
CVE-2024-8602
CVE-2024-8602 concerns XXE in XML parsing from PDFs via the default DocumentBuilder settings in taxstatement.jar. Connected data confirms affected software: taxstatement.jar versions 2.2.2 and 2.2.4. Root cause: DocumentBuilder configured to allow external entities, enabling an XML external entit...