JDOM XXE vulnerability
Issue date: 21-09-2021
Affects versions: 14.6, 13.4, 12.6
Security Issue ID
SECURITY-240
Affected Product Version(s)
14.6.0, 13.4.9, 12.6.16, and previous releases.
Severity
High
Description
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request (upstream reference: CVE-2021-33813). A SAXBuilder left at its defaults processes the DTD of incoming XML, so a request body carrying a DOCTYPE can make the parser resolve external entities or expand nested entity definitions until the request thread is exhausted.
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
This vulnerability was mitigated by disabling external entity expansion for all usages of the JDOM library: every SAXBuilder in the product now rejects DTDs and external entities rather than relying on the library defaults.
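The following is an added example and not the product's or JDOM's own code. It shows what "disabling external entity expansion for all usages of the JDOM library" looks like in practice: a SAXBuilder that refuses DOCTYPE declarations and external entities, exercised against a constructed XML payload of the shape CWE-611 covers (an external SYSTEM entity plus nested entity expansion). The payload, the class and method names, and the file path in the SYSTEM entity are all assumptions made for the illustration; the SAX feature URIs are the standard Xerces/JDK ones.

```java
// Added example (not the product's or JDOM's own code): a SAXBuilder hardened
// against DTD-based attacks, run against a constructed payload.
import java.io.IOException;
import java.io.StringReader;

import org.jdom2.Document;
import org.jdom2.JDOMException;
import org.jdom2.input.SAXBuilder;
import org.jdom2.input.sax.XMLReaders;

public final class HardenedJdomParsing {

    // Constructed sample input (assumption, not a real request captured from
    // the product): one external entity and a small nested-expansion chain.
    // An unhardened SAXBuilder would try to resolve the SYSTEM entity and
    // expand the nested ones; a larger chain is the classic expansion DoS.
    static final String CRAFTED = String.join("\n",
        "<?xml version=\"1.0\"?>",
        "<!DOCTYPE data [",
        "  <!ENTITY ext SYSTEM \"file:///etc/hostname\">",
        "  <!ENTITY a \"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\">",
        "  <!ENTITY b \"&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;\">",
        "  <!ENTITY c \"&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;\">",
        "]>",
        "<data>&ext;&c;</data>");

    /** The pre-fix shape: library defaults, which process the DTD. Shown for contrast only. */
    public static SAXBuilder defaultBuilder() {
        return new SAXBuilder();
    }

    /** Builder that refuses DOCTYPE declarations and external entities. */
    public static SAXBuilder hardenedBuilder() {
        SAXBuilder builder = new SAXBuilder(XMLReaders.NONVALIDATING);
        // Reject any DTD outright. On Xerces-based parsers (the JDK's built-in
        // parser included) this alone blocks both external entity resolution
        // and entity-expansion DoS, because no entities can be declared.
        builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that do not honour the feature above.
        builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        builder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // Also tell JDOM itself not to expand entities into the tree. This
        // switch controls how JDOM represents entities; the SAX features
        // above are what stop the parser from fetching anything, so set both.
        builder.setExpandEntities(false);
        return builder;
    }

    /** Parses untrusted XML; returns null when the parser rejects the document. */
    public static Document parseUntrusted(String xml) throws IOException {
        try {
            return hardenedBuilder().build(new StringReader(xml));
        } catch (JDOMException e) {
            // A DOCTYPE in untrusted input is treated as an attack, not a bug:
            // log and refuse rather than fall back to a permissive parse.
            System.err.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws IOException {
        // The crafted document is refused at the DOCTYPE, before any entity
        // is resolved or expanded; a plain document still parses.
        System.out.println("crafted: " + (parseUntrusted(CRAFTED) == null ? "rejected" : "accepted"));
        System.out.println("plain:   " + (parseUntrusted("<data>ok</data>") == null ? "rejected" : "accepted"));
    }
}
```

Two practical checks go with this. First, the fix has to cover every SAXBuilder in the code base, not just the one on the obvious request path; grep for `new SAXBuilder` and route all of them through a single hardened factory such as the one above. Second, confirm which JDOM build is actually on the classpath (for a Maven project, `mvn dependency:tree | grep jdom`), since a transitive dependency can pull in an older jdom2 jar than the one declared.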
Instructions
Customers using the 12.x, 13.x and 14.x major versions should upgrade to the latest release in their series (12.6.x, 13.4.x or 14.6.x respectively), which contains the mitigation described above.