logback / LOGBACK-1542 [Open] Fortify scan: dom4j Vulnerability ============================== Here's what changed in this issue in the last few minutes. This issue has been created This issue is now assigned to you. View or comment on issue using this link https://jira.qos.ch/browse/LOGBACK-1542 ============================== Issue created ------------------------------ xavier lamourec created this issue on 23/Nov/20 11:53 AM Summary: Fortify scan: dom4j Vulnerability Issue Type: Bug Assignee: Logback dev list Components: logback-classic Created: 23/Nov/20 11:53 AM Environment: Hi Team, A security issue has been raised by our Fortify scan for the following component: {code}dom4j - XML eXternal Entity (XXE)\{code} *Component Name:* org.dom4j:dom4j *Component Version:* 2.1.1 *Repository:* maven *Instance ID:* B294C4B2311CED0EF0D8F9827BB423C1 *Primary Rule ID:* CVE-2020-10683 *CVSS Base Score:* 7.6 *CVSS Vector:* CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H [https://nvd.nist.gov/vuln/detail/CVE-2020-10683] [https://cwe.mitre.org/data/definitions/611.html|https://cwe.mitre.org/data/definitions/611.html] Priority: Major Reporter: xavier lamourec ============================== This message was sent by Atlassian Jira (v8.8.0#808000-sha1:e2c7e59)