CVE-2020-10683
ADVISORY - githubSummary
dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
Note: This advisory applies to dom4j:dom4j version 1.x legacy artifacts. To resolve this a change to the latest version of org.dom4j:dom4j is recommended.
EPSS Score: 0.01592 (0.808)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Restriction of XML External Entity Reference
ADVISORY - github
Improper Restriction of XML External Entity Reference
ADVISORY - gitlab
ADVISORY - redhat
Improper Restriction of XML External Entity Reference
NIST
CREATED
UPDATED
ADVISORY IDCVE-2020-10683
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8criticalGitHub
CREATED
UPDATED
ADVISORY IDGHSA-hwj3-m3p6-hj38
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8criticalDebian
CREATED
UPDATED
ADVISORY IDCVE-2020-10683
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2020-10683
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
9.8mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2020-10683
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)