Vigil@nce – Dom4J: external XML entity injection via SaxReader, analyzed on 01/05/2020


The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Synthesis of the vulnerability

An attacker can transmit malicious XML data via SaxReader() to Dom4J, in order to read a file, scan sites, or trigger a denial of service.
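One way to configure the reader defensively, as an added example that is not from the advisory or from the dom4j project: it assumes dom4j's `org.dom4j.io.SAXReader` backed by a Xerces-compatible parser (such as the JDK default), and the class name `HardenedSaxReader`, its helper methods and the two sample documents are constructed for illustration.

```java
import java.io.StringReader;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

public class HardenedSaxReader {

    // Build a SAXReader that refuses DTDs and never resolves external entities.
    // Feature URIs are the Xerces/SAX ones; a different parser may not recognise them
    // and will then throw SAXException here instead of silently staying permissive.
    static SAXReader newHardenedReader() throws SAXException {
        SAXReader reader = new SAXReader();
        // Reject any document that carries a DOCTYPE declaration.
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case DOCTYPE ever has to be allowed again.
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return reader;
    }

    // Returns true when the hardened reader parses the input, false when it rejects it.
    static boolean accepts(String xml) throws SAXException {
        try {
            Document doc = newHardenedReader().read(new StringReader(xml));
            return doc.getRootElement() != null;
        } catch (DocumentException e) {
            // The parser's fatal error (e.g. DOCTYPE disallowed) is wrapped by dom4j.
            return false;
        }
    }

    public static void main(String[] args) throws SAXException {
        // Constructed inputs: a plain document, and one with a DOCTYPE that only
        // declares a harmless internal entity. The second must still be rejected.
        String plain = "<order><id>42</id></order>";
        String withDoctype = "<!DOCTYPE order [<!ENTITY note \"x\">]><order>&note;</order>";
        System.out.println("plain accepted:   " + accepts(plain));
        System.out.println("doctype accepted: " + accepts(withDoctype));
    }
}
```

Failing closed on `SAXException` from `setFeature` matters: swallowing it would leave a parser that does not support these features in its permissive default state.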