CVE-2023-46502
Improper Restriction of XML External Entity Reference in maven/org.opencrx/opencrx-core
Identifiers
CVE-2023-46502
Package Slug
maven/org.opencrx/opencrx-core
Vulnerability
Improper Restriction of XML External Entity Reference
Description
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory.
Affected Versions
Version 5.2.2
Solution
Upgrade to version 5.3.0 or above.
Last Modified
2023-11-07
| source |