First published: Wed Oct 25 2023
## Withdrawn Advisory

This advisory has been withdrawn because [the underlying vulnerability could not be reproduced](https://github.com/joker-xiaoyan/XXE-SAXReader/issues/1#issuecomment-1783780581). This link is maintained to preserve external references.

## Original Description

An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.dom4j:dom4j | <=2.1.4 | |
Dom4j | <=2.1.4 | |
The vulnerability ID is CVE-2023-45960.
The affected software is org.dom4j:dom4j version 2.1.4 and earlier.
A remote attacker can exploit this vulnerability by obtaining sensitive information through the setFeature function.
Yes, this vulnerability allows a remote attacker to obtain sensitive information, making it a security risk.
There are no known patches or fixes available at the moment. It is recommended to update to a version of org.dom4j:dom4j that is not vulnerable.