Headline
GHSA-fgq9-fc3q-vqmw: dom4j XML Entity Expansion vulnerability
An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.
dom4j XML Entity Expansion vulnerability
Moderate severity GitHub Reviewed Published Oct 25, 2023 to the GitHub Advisory Database • Updated Oct 27, 2023
Related news
CVE-2023-45960: GitHub - joker-xiaoyan/XXE-SAXReader
** DISPUTED ** An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which "can be safe in one case and unsafe in another."