Updated dom4j packages fix a security vulnerability
Publication date: 17 Jan 2021Modification date: 17 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10683
Description
A flaw was found in the dom4j library. By using the default SaxReader()
provided by Dom4J, external DTDs and External Entities are allowed, resulting
in a possible XXE (CVE-2020-10683).
References
SRPMS
7/core
- dom4j-2.0.0-4.1.mga7