Headline
CVE-2023-45960: GitHub - joker-xiaoyan/XXE-SAXReader
** DISPUTED ** An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which “can be safe in one case and unsafe in another.”
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Related news
GHSA-fgq9-fc3q-vqmw: dom4j XML Entity Expansion vulnerability
An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.