CVEs-PoC/2020/CVE-2020-10683.md at 2cdac9784d4ce6294c8cf0ecc79ccb3eb2aefbf1

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-14 19:18:06 +02:00

Files

T

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

POC

Reference

https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Anonymous-Phunter/PHunter
https://github.com/CGCL-codes/PHunter
https://github.com/LibHunter/LibHunter
https://github.com/OWASP/www-project-ide-vulscanner

1.3 KiB Raw Blame History

CVE-2020-10683

Description

POC

Reference

Github

1.3 KiB

Raw Blame History