3 matches found
Security Bulletin: MongoDB Enterprised Advanced affected by: XML External Entity (XXE) vulnerability (CVE-2026-24400)
Summary There are vulnerabilities in assertj-core-3.27.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24400. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-24400 DESCRIPTION: AssertJ provides Fluent testing assertions for Java and the Java Virtu...
CVE-2026-24400
CVE-2026-24400 : An XXE in AssertJās XML handling (XmlStringPrettyFormatter) allows exploitation when untrusted XML is processed via isXmlEqualTo(CharSequence) or xmlPrettyFormat(String). From version 1.4.0 up to before 3.27.7, the code initializes DocumentBuilderFactory with default settings, no...
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
An XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualToCharSequence...