-
janusgraph-core, janusgraph-cql and janusgraph-solr indirectly depend on dom4j.
Which the dependency reflections uses.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000632
**Decri…
-
## CVE-2020-10683 - Critical Severity Vulnerability
Vulnerable Library - dom4j-1.6.1.jar
dom4j: the flexible XML framework for Java
Library home page: http://dom4j.org
Path to dependency file: /infr…
-
Building the project created by the multi-module archetype results in this warning:
> WARNING: An illegal reflective access operation has occurred
>WARNING: Illegal reflective access by org.dom4j.…
-
**Description**
dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to …
-
**Description**
dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to …
-
检测到 YYYQG/pay-learn 一共引入了37个开源组件,存在2个漏洞
```
漏洞标题:dom4j 安全漏洞
缺陷组件:dom4j:dom4j@1.6.1
漏洞编号:CVE-2018-1000632
漏洞描述:dom4j是一款支持DOM、SAX、JAXP和Java平台的用于处理XML文件的开源框架。
dom4j 2.1.1之前版本中的Class: Element存在安全漏洞,该漏洞源于程…
ghost updated
2 years ago
-
Dear dom4j developers,
Fuzzing has found a stack overflow in [OSS-Fuzz](https://github.com/google/oss-fuzz) with JVM Fuzzer [Jazzer](https://github.com/CodeIntelligenceTesting/jazzer) in dom4j. We…
-
**Description**
dom4j prior to 2.0.3 and 2.1.x prior to 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tamp…
-
my dom4j version
```xml
dom4j
dom4j
1.6.1
```
my usage
```java
// String xmlStr
// ...
Document doc = DocumentHelper.parseText(xmlStr);
```
and when I Pressure test…
-
## CVE-2018-1000632 - High Severity Vulnerability
Vulnerable Library - dom4j-1.6.1.jar
dom4j: the flexible XML framework for Java
Library home page: http://dom4j.org
Path to dependency file: object-…