Maven/Log4net/Apache-Log4net | GitLab Advisory Database

Improper Restriction of XML External Entity Reference

Apache log4net does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users.

Advisories for Maven/Log4net/Apache-Log4net package