dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-01T18:55:25

Updated: 2024-08-04T11:06:11.156Z

Reserved: 2020-03-20T00:00:00

Link: CVE-2020-10683

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-01T19:15:12.927

Modified: 2023-11-07T03:14:11.907

Link: CVE-2020-10683

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-04-15T00:00:00Z

Links: CVE-2020-10683 - Bugzilla