[logback-dev] [JIRA] Updates for LOGBACK-1542: Fortify scan: dom4j Vulnerability

QOS.CH (JIRA) noreply-jira at qos.ch
Mon Nov 23 12:05:00 CET 2020


logback / LOGBACK-1542 [Open]
Fortify scan: dom4j Vulnerability

==============================

Here's what changed in this issue in the last few minutes.
This issue has been created
This issue is now assigned to you.

View or comment on issue using this link
https://jira.qos.ch/browse/LOGBACK-1542

==============================
 Issue created
------------------------------

xavier lamourec created this issue on 23/Nov/20 11:53 AM
Summary:              Fortify scan: dom4j Vulnerability
Issue Type:           Bug
Assignee:             Logback dev list
Components:           logback-classic
Created:              23/Nov/20 11:53 AM
Environment:
  Hi Team, 
  
  A security issue has been raised by our Fortify scan for the following component:
  
  {code}dom4j - XML eXternal Entity (XXE){code}
  
   
  *Component Name:* org.dom4j:dom4j
  *Component Version:* 2.1.1
  *Repository:* maven
  *Instance ID:* B294C4B2311CED0EF0D8F9827BB423C1
  *Primary Rule ID:* CVE-2020-10683
  *CVSS Base Score:* 7.6
  *CVSS Vector:* CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
   
   
  [https://nvd.nist.gov/vuln/detail/CVE-2020-10683]
  [https://cwe.mitre.org/data/definitions/611.html|https://cwe.mitre.org/data/definitions/611.html]
Priority:             Major
Reporter:             xavier lamourec


==============================
 This message was sent by Atlassian Jira (v8.8.0#808000-sha1:e2c7e59)


