Debian 10261 Published by

A dom4j security update has been released for Debian GNU/Linux 7 Extended LTS



ELA-225-1 dom4j security update

Package dom4j
Version 1.6.1+dfsg.3-2+deb7u2
Related CVE CVE-2020-10683

An XML external external entity vulnerability was discovered in dom4j, a library for working with XML, XPath and XSLT formats on the Java platform.

This type of attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located as well as other system impacts.

For Debian 7 Wheezy, these problems have been fixed in version 1.6.1+dfsg.3-2+deb7u2.

We recommend that you upgrade your dom4j packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-225-1 dom4j security update