CVE-2020-10683
Published: May 1, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
openSUSE-SU-2020:0719
vendor-advisory
x_refsource_SUSE
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1694235
x_refsource_MISC
https://github.com/dom4j/dom4j/releases/tag/version-2.1.3
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200518-0002/
x_refsource_CONFIRM
USN-4575-1
vendor-advisory
x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://github.com/dom4j/dom4j/issues/87
x_refsource_MISC
https://github.com/dom4j/dom4j/commits/version-2.0.3
x_refsource_MISC
[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683
mailing-list
x_refsource_MLIST
[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html
x_refsource_MISC