Vulnerability

CVE-2020-10683

 Report advisory or correction

CVSS Score 9.8 critical

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-611

References

https://bugzilla.redhat.com/show_bug.cgi?id=1694235
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10683

[CVE-2020-10683] CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Description

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up
See dom4j/dom4j package information