Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Restriction of XML External Entity Reference in Dragonfly
Vulnerability Description
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Dragonfly 代码问题漏洞
Vulnerability Description
Dragonfly是一个框架,可以对任何内容类型进行动态处理。 Dragonfly v0.3.0-SNAPSHOT版本存在代码问题漏洞,该漏洞源于其没有配置DocumentBuilderFactory允许攻击者实现XML外部实体攻击。
CVSS Information
N/A
Vulnerability Type
N/A