CVE-2023-45960 – org.dom4j:dom4j

Package

Manager: maven
Name: org.dom4j:dom4j
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Withdrawn Advisory: dom4j XML Entity Expansion vulnerability ## Withdrawn Advisory This advisory has been withdrawn because [the underlying vulnerability could not be reproduced](https://github.com/joker-xiaoyan/XXE-SAXReader/issues/1#issuecomment-1783780581). This link is maintained to preserve external references. ## Original Description An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.

Metadata

Created: 2023-10-25T18:32:23Z
Modified: 2023-10-31T20:21:23Z
Source: MANUAL
CWE IDs: ["CWE-776"]
Alternative ID: GHSA-fgq9-fc3q-vqmw
Finding: N/A
Auto approve: 0