Lucene search
K

3 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/11 6:22 p.m.•11 views

Security Bulletin: MongoDB Enterprised Advanced affected by: XML External Entity (XXE) vulnerability (CVE-2026-24400)

Summary There are vulnerabilities in assertj-core-3.27.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24400. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-24400 DESCRIPTION: AssertJ provides Fluent testing assertions for Java and the Java Virtu...

9.1CVSS7.2AI score0.00542EPSS
Exploits0Affected Software1
CVE
CVE
•added 2026/01/26 10:19 p.m.•660 views

CVE-2026-24400

CVE-2026-24400 : An XXE in AssertJ’s XML handling (XmlStringPrettyFormatter) allows exploitation when untrusted XML is processed via isXmlEqualTo(CharSequence) or xmlPrettyFormat(String). From version 1.4.0 up to before 3.27.7, the code initializes DocumentBuilderFactory with default settings, no...

9.1CVSS5.9AI score0.00542EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
•added 2026/01/26 9:31 p.m.•14 views

AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

An XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualToCharSequence...

9.1CVSS5.9AI score0.00542EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder