CVE-2023-45960: dom4j XML Entity Expansion vulnerability

October 25, 2023 (updated October 27, 2023)

This advisory has been marked as a False Positive and has been removed.

References

dom4j.github.io/
github.com/advisories/GHSA-fgq9-fc3q-vqmw
github.com/joker-xiaoyan/XXE-SAXReader/blob/8c0d24f9800c36c8ad36457c1df1e4aaff24c7b9/POC.java
nvd.nist.gov/vuln/detail/CVE-2023-45960

Code Behaviors & Features

Detect and mitigate CVE-2023-45960 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →